You can use boolean logic (e.g. AND/OR/NOT) for complex search queries. For more help and examples, see the search documentation.
Search by package name:
my-package (implicit)
name:my-package (explicit)
Search by package filename:
filename:my-package.ext
Search by package tag:
tag:latest
Search by package version:
version:1.0.0
prerelease:true (prereleases)
prerelease:false (no prereleases)
Search by package architecture:
architecture:x86_64
Search by package distribution:
distribution:el
Search by package license:
license:MIT
Search by package format:
format:deb
Search by package status:
status:in_progress
Search by package file checksum:
checksum:5afba
Search by package security status:
severity:critical
Search by package vulnerabilities:
vulnerabilities:>1
vulnerabilities:<1000
Search by number of package downloads:
downloads:>8
downloads:<100
Search by package type:
type:binary
type:source
Search by package size (bytes):
size:>50000
size:<10000
Search by dependency name/version:
dependency:log4j
dependency:log4j=1.0.0
dependency:log4j>1.0.0
Search by uploaded date:
uploaded:>"1 day ago"
uploaded:<"August 14, 2022 EST"
Search by entitlement token (identifier):
entitlement:3lKPVJPosCsY
Search by policy violation:
policy_violated:true
deny_policy_violated:true
license_policy_violated:true
vulnerability_policy_violated:true
Search by repository:
repository:repo-name
Search by last download date:
last_downloaded:<"30 days ago"
last_downloaded:>"August 14, 2022 EST"
Search queries for all Debian-specific (and related) package types
Search by component:
deb_component:unstable
Search queries for all Maven-specific (and related) package types
Search by group ID:
maven_group_id:org.apache
Search queries for all Docker-specific (and related) package types
Search by image digest:
docker_image_digest:sha256:7c5..6d4
(full hashref only)
Search by layer digest:
docker_layer_digest:sha256:4c4..ae4
(full hashref only)
Search queries for all Generic-specific package types
Search by file path:
generic_filepath:path/to/file.txt
Search by directory:
generic_directory:path/to
Field type modifiers (depending on the field type, you can modify how a term is matched):
For all queries, you can use:
~foo for negation
For string queries, you can use:
^foo to anchor to start of term
foo$ to anchor to end of term
foo*bar for fuzzy matching
For number/date or version queries, you can use:
>foo for values greater than
>=foo for values greater / equal
<foo for values less than
<=foo for values less / equal
kurrentdb-rhel8
4b35fa2fb4bc5f26b5eb9d4497d…
Description
This package was uploaded with the following V1 OCI manifest:
{
  "schemaVersion": 2,
  "mediaType": "application/vnd.oci.image.manifest.v1+json",
  "config": {
    "mediaType": "application/vnd.oci.image.config.v1+json",
    "digest": "sha256:3079625e7de7af86a88436aa7d1f522149465ea2b5a0bc7d4920bb7229965737",
    "size": 8586
  },
  "layers": [
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "digest": "sha256:416e4b8ec2cfe03bd4be0e0605c36cce9271fc2b9e63383358de16af42f83a27",
      "size": 39746179
    },
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "digest": "sha256:a325322cc1ee48f298a0d6617203172fa4b38add0d67be942d93cc05eab35c37",
      "size": 158740590
    }
  ]
}
Image history (one build step per entry: layer digest, size, command):

sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 (32 bytes)
  /bin/sh -c #(nop) LABEL maintainer="Red Hat, Inc."

sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 (32 bytes)
  /bin/sh -c #(nop) LABEL vendor="Red Hat, Inc."

sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 (32 bytes)
  /bin/sh -c #(nop) LABEL url="https://catalog.redhat.com/en/search?searchType=containers"

sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 (32 bytes)
  /bin/sh -c #(nop) LABEL com.redhat.component="ubi8-minimal-container" name="ubi8/ubi-minimal" version="8.10" cpe="cpe:/a:redhat:enterprise_linux:8::appstream" distribution-scope="public"

sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 (32 bytes)
  /bin/sh -c #(nop) LABEL com.redhat.license_terms="https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI"

sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 (32 bytes)
  /bin/sh -c #(nop) LABEL summary="Provides the latest release of the minimal Red Hat Universal Base Image 8."

sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 (32 bytes)
  /bin/sh -c #(nop) LABEL description="The Universal Base Image Minimal is a stripped down image that uses microdnf as a package manager. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly."

sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 (32 bytes)
  /bin/sh -c #(nop) LABEL io.k8s.description="The Universal Base Image Minimal is a stripped down image that uses microdnf as a package manager. This base image is freely redistributable, but Red Hat only supports Red Hat technologies through subscriptions for Red Hat products. This image is maintained by Red Hat and updated regularly."

sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 (32 bytes)
  /bin/sh -c #(nop) LABEL io.k8s.display-name="Red Hat Universal Base Image 8 Minimal"

sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 (32 bytes)
  /bin/sh -c #(nop) LABEL io.openshift.expose-services=""

sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 (32 bytes)
  /bin/sh -c #(nop) LABEL io.openshift.tags="minimal rhel8"

sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 (32 bytes)
  /bin/sh -c #(nop) ENV container oci

sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 (32 bytes)
  /bin/sh -c #(nop) COPY dir:57cd8767cc2de1088058666036651fae5d4de4153a8ad2ec9a37fd5126319dbb in /

sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 (32 bytes)
  /bin/sh -c #(nop) COPY file:67f65df33ff6c09984969b192c50b78072a88c5655e380e734315d0229c75aa1 in /etc/yum.repos.d/.

sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 (32 bytes)
  /bin/sh -c #(nop) CMD ["/bin/bash"]

sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 (32 bytes)
  /bin/sh -c #(nop) COPY file:3ab5c2f18f7b2afc9a63033cf6d7fedd5acc6eb94e3217a2863e790bced26b9d in /usr/share/buildinfo/content-sets.json

sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 (32 bytes)
  /bin/sh -c #(nop) COPY file:3ab5c2f18f7b2afc9a63033cf6d7fedd5acc6eb94e3217a2863e790bced26b9d in /root/buildinfo/content_manifests/content-sets.json

sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 (32 bytes)
  /bin/sh -c #(nop) COPY file:ccf2ee6cb9a986004403ff655be15b875201295afbf00c12d375a2e996e0d4ad in /usr/share/buildinfo/labels.json

sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 (32 bytes)
  /bin/sh -c #(nop) COPY file:ccf2ee6cb9a986004403ff655be15b875201295afbf00c12d375a2e996e0d4ad in /root/buildinfo/labels.json

sha256:416e4b8ec2cfe03bd4be0e0605c36cce9271fc2b9e63383358de16af42f83a27 (37.9 MB)
  /bin/sh -c #(nop) LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="cb07e3bdcc0d070ba23f1e819d240d97813a4492" "org.opencontainers.image.revision"="cb07e3bdcc0d070ba23f1e819d240d97813a4492" "build-date"="2025-12-18T20:53:00Z" "org.opencontainers.image.created"="2025-12-18T20:53:00Z" "release"="1766090732"org.opencontainers.image.revision=cb07e3bdcc0d070ba23f1e819d240d97813a4492,org.opencontainers.image.created=2025-12-18T20:53:00Z

sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 (32 bytes)
  ARG VERSION=25.1.1

sha256:a325322cc1ee48f298a0d6617203172fa4b38add0d67be942d93cc05eab35c37 (151.4 MB)
  RUN |1 VERSION=25.1.1 /bin/sh -c microdnf install libicu && microdnf clean all && curl -LSs https://packages.kurrent.io/public/kurrent-latest/rpm/el/any-version/x86_64/kurrentdb-$VERSION-linux.x64-enterprise-linux.rpm -o kurrentdb.rpm && rpm -i kurrentdb.rpm --nopre --nopost && rm kurrentdb.rpm && mkdir -p /var/lib/kurrentdb /var/log/kurrentdb && chmod 777 /var/lib/kurrentdb /var/log/kurrentdb && printf "NodeIp: 0.0.0.0\nReplicationIp: 0.0.0.0" >> /etc/kurrentdb/kurrentdb.conf && mkdir -p /licenses && (cd /licenses && curl -LOSs https://raw.githubusercontent.com/kurrent-io/KurrentDB/refs/heads/master/LICENSE.md) && mkdir -p /opt/kurrentdb && setcap cap_net_bind_service+ep /usr/share/kurrentdb/kurrentd && ln -s /usr/share/kurrentdb/kurrentd /opt/kurrentdb/ # buildkit

sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 (32 bytes)
  VOLUME [/var/lib/kurrentdb /var/log/kurrentdb]

sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 (32 bytes)
  EXPOSE [1112/tcp 1113/tcp 2113/tcp]

sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 (32 bytes)
  HEALTHCHECK &{["CMD-SHELL" "curl --fail --insecure https://localhost:2113/health/live || curl --fail http://localhost:2113/health/live || exit 1"] "5s" "5s" "0s" "0s" '\x18'}

sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 (32 bytes)
  ENTRYPOINT ["/bin/kurrentd"]

sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 (32 bytes)
  USER 65534:65534
Last scanned: 5 months, 3 weeks ago
Scan result: Vulnerable
Vulnerability count: 79
Max. severity: High
Target: zBAqk0BzjofP.sbom-cyclonedx.json (redhat 8.10)
| HIGH |
CVE-2025-6176: Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoSScrapy versions up to 2.13.2 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression.Package Name: brotli Installed Version: 1.0.6-3.el8 Fixed Version: References: access.redhat.com github.com github.com github.com github.com github.com github.com github.com github.com huntr.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2025-5278: coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key SpecificationA flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.Package Name: coreutils-single Installed Version: 8.30-16.el8_10 Fixed Version: References: www.openwall.com www.openwall.com www.openwall.com access.redhat.com bugzilla.redhat.com cgit.git.savannah.gnu.org cgit.git.savannah.gnu.org nvd.nist.gov security-tracker.debian.org www.cve.org |
|
| MEDIUM |
CVE-2025-10966: curl: Curl missing SFTP host verification with wolfSSH backendcurl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.Package Name: curl Installed Version: 7.61.1-34.el8_10.9 Fixed Version: References: www.openwall.com access.redhat.com curl.se curl.se github.com hackerone.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2021-33294: elfutils: an infinite loop was found in the function handle_symtab in readelf.c which causes denial of serviceIn elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c .Which allows attackers to cause a denial of service (infinite loop) via crafted file.Package Name: elfutils-libelf Installed Version: 0.190-2.el8 Fixed Version: References: access.redhat.com nvd.nist.gov sourceware.org sourceware.org ubuntu.com www.cve.org |
|
| MEDIUM |
CVE-2019-8905: file: stack-based buffer over-read in do_core_note in readelf.cdo_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.Package Name: file-libs Installed Version: 5.33-27.el8_10 Fixed Version: References: lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com bugs.astron.com lists.debian.org nvd.nist.gov ubuntu.com usn.ubuntu.com www.cve.org |
|
| MEDIUM |
CVE-2025-13601: glib: Integer overflow in in g_escape_uri_string()A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.Package Name: glib2 Installed Version: 2.56.4-167.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com gitlab.gnome.org gitlab.gnome.org nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2025-14087: glib: GLib: Buffer underflow in GVariant parser leads to heap corruptionA flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.Package Name: glib2 Installed Version: 2.56.4-167.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2025-14512: glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer OverflowA flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values.Package Name: glib2 Installed Version: 2.56.4-167.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2024-57970: libarchive: heap buffer over-read in header_gnu_longlinklibarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.Package Name: libarchive Installed Version: 3.3.3-6.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com cve.mitre.org errata.rockylinux.org github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2025-25724: libarchive: Buffer Overflow vulnerability in libarchivelist_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.Package Name: libarchive Installed Version: 3.3.3-6.el8_10 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org gist.github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov ubuntu.com www.cve.org |
|
| MEDIUM |
CVE-2025-60753: libarchive: bsdtar hangs and OOMs with zero-length pattern matchesAn issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).Package Name: libarchive Installed Version: 3.3.3-6.el8_10 Fixed Version: References: access.redhat.com github.com github.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2025-14104: util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernamesA flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.Package Name: libblkid Installed Version: 2.32.1-47.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2025-10966: curl: Curl missing SFTP host verification with wolfSSH backendcurl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.Package Name: libcurl Installed Version: 7.61.1-34.el8_10.9 Fixed Version: References: www.openwall.com access.redhat.com curl.se curl.se github.com hackerone.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2019-12904: Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload side-channel attackIn Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. (The C implementation is used on platforms where an assembly-language implementation is unavailable.) NOTE: the vendor's position is that the issue report cannot be validated because there is no description of an attackPackage Name: libgcrypt Installed Version: 1.8.5-7.el8_6 Fixed Version: References: lists.opensuse.org access.redhat.com dev.gnupg.org github.com github.com lists.apache.org lists.gnupg.org nvd.nist.gov people.canonical.com www.cve.org |
|
| MEDIUM |
CVE-2024-2236: libgcrypt: vulnerable to Marvin AttackA timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.Package Name: libgcrypt Installed Version: 1.8.5-7.el8_6 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org dev.gnupg.org errata.almalinux.org errata.rockylinux.org github.com gitlab.com linux.oracle.com linux.oracle.com lists.gnupg.org nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2025-5222: icu: Stack buffer overflow in the SRBRoot::addTag functionA stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.Package Name: libicu Installed Version: 60.3-2.el8_1 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2025-14104: util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernamesA flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.Package Name: libmount Installed Version: 2.32.1-47.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2025-14104: util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernamesA flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.Package Name: libsmartcols Installed Version: 2.32.1-47.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2025-5351: libssh: Double Free Vulnerability in libssh Key Export FunctionsA flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.Package Name: libssh Installed Version: 0.9.6-16.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com nvd.nist.gov ubuntu.com www.cve.org www.libssh.org |
|
| MEDIUM |
CVE-2025-8114: libssh: NULL Pointer Dereference in libssh KEX Session ID CalculationA flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.Package Name: libssh Installed Version: 0.9.6-16.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com git.libssh.org git.libssh.org nvd.nist.gov ubuntu.com www.cve.org www.libssh.org |
|
| MEDIUM |
CVE-2025-5351: libssh: Double Free Vulnerability in libssh Key Export FunctionsA flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.Package Name: libssh-config Installed Version: 0.9.6-16.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com nvd.nist.gov ubuntu.com www.cve.org www.libssh.org |
|
| MEDIUM |
CVE-2025-8114: libssh: NULL Pointer Dereference in libssh KEX Session ID CalculationA flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.Package Name: libssh-config Installed Version: 0.9.6-16.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com git.libssh.org git.libssh.org nvd.nist.gov ubuntu.com www.cve.org www.libssh.org |
|
| MEDIUM |
CVE-2025-14104: util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernamesA flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.Package Name: libuuid Installed Version: 2.32.1-47.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2025-9714: libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.cUncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.Package Name: libxml2 Installed Version: 2.9.7-21.el8_10.3 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org gitlab.gnome.org gitlab.gnome.org linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov ubuntu.com www.cve.org |
|
| MEDIUM |
CVE-2022-4899: zstd: mysql: buffer overrun in util.cA vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.Package Name: libzstd Installed Version: 1.4.4-1.el8 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org 
lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.netapp.com security.netapp.com www.cve.org |
|
| MEDIUM |
CVE-2018-19217: ncurses: Null pointer dereference at function _nc_name_matchIn ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-partyPackage Name: ncurses-base Installed Version: 6.1-10.20180224.el8 Fixed Version: References: access.redhat.com bugzilla.redhat.com lists.gnu.org nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2018-19217: ncurses: Null pointer dereference at function _nc_name_matchIn ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-partyPackage Name: ncurses-libs Installed Version: 6.1-10.20180224.el8 Fixed Version: References: access.redhat.com bugzilla.redhat.com lists.gnu.org nvd.nist.gov www.cve.org |
|
| MEDIUM |
CVE-2023-0466: openssl: Certificate policy check not enabledThe function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.Package Name: openssl-libs Installed Version: 1:1.1.1k-14.el8_6 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org git.openssl.org git.openssl.org git.openssl.org git.openssl.org linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov security.gentoo.org security.netapp.com ubuntu.com ubuntu.com www.cve.org www.debian.org www.openssl.org |
|
| MEDIUM |
CVE-2025-9230: openssl: Out-of-bounds read & write in RFC 3211 KEK UnwrapIssue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.Package Name: openssl-libs Installed Version: 1:1.1.1k-14.el8_6 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com github.com github.com github.openssl.org github.openssl.org linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov openssl-library.org ubuntu.com www.cve.org |
|
| MEDIUM | CVE-2018-20839: systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker | systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled. | Package Name: systemd-libs | Installed Version: 239-82.el8_10.8 | Fixed Version: | References: www.securityfocus.com access.redhat.com bugs.launchpad.net github.com github.com lists.apache.org nvd.nist.gov security.netapp.com www.cve.org |
| MEDIUM | CVE-2025-4598: systemd-coredump: race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump | A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original SUID process's coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality. | Package Name: systemd-libs | Installed Version: 239-82.el8_10.8 | Fixed Version: | References: seclists.org www.openwall.com www.openwall.com www.openwall.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com blogs.oracle.com bugzilla.redhat.com bugzilla.redhat.com ciq.com errata.almalinux.org git.kernel.org github.com github.com github.com github.com github.com github.com github.com github.com linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov ubuntu.com www.cve.org www.openwall.com www.openwall.com www.qualys.com |
| LOW | CVE-2023-27534: curl: SFTP path ~ resolving discrepancy | A path traversal vulnerability exists in the curl <8.0.0 SFTP implementation, which causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user. | Package Name: curl | Installed Version: 7.61.1-34.el8_10.9 | Fixed Version: | References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com curl.se errata.almalinux.org hackerone.com linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org nvd.nist.gov security.gentoo.org security.netapp.com ubuntu.com www.cve.org |
| LOW | CVE-2024-7264: curl: libcurl: ASN.1 date parser overread | libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given a syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used. | Package Name: curl | Installed Version: 7.61.1-34.el8_10.9 | Fixed Version: | References: (link list omitted) |
| LOW | CVE-2024-25260: elfutils: global-buffer-overflow exists in the function ebl_machine_flag_name in eblmachineflagname.c | elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c. | Package Name: elfutils-libelf | Installed Version: 0.190-2.el8 | Fixed Version: | References: access.redhat.com github.com nvd.nist.gov sourceware.org sourceware.org ubuntu.com www.cve.org |
| LOW | CVE-2019-8906: file: out-of-bounds read in do_core_note in readelf.c | do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused. | Package Name: file-libs | Installed Version: 5.33-27.el8_10 | Fixed Version: | References: lists.opensuse.org lists.opensuse.org access.redhat.com bugs.astron.com github.com nvd.nist.gov support.apple.com support.apple.com support.apple.com support.apple.com ubuntu.com usn.ubuntu.com www.cve.org |
| LOW | CVE-2023-4156: gawk: heap out of bound read in builtin.c | A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information. | Package Name: gawk | Installed Version: 4.2.1-4.el8 | Fixed Version: | References: access.redhat.com bugzilla.redhat.com git.savannah.gnu.org mail.gnu.org mail.gnu.org nvd.nist.gov ubuntu.com www.cve.org |
| LOW | CVE-2023-29499: glib: GVariant offset table entry size is not checked in is_normal() | A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service. | Package Name: glib2 | Installed Version: 2.56.4-167.el8_10 | Fixed Version: | References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org gitlab.gnome.org linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov security.gentoo.org security.netapp.com ubuntu.com ubuntu.com www.cve.org |
| LOW | CVE-2023-32611: glib: g_variant_byteswap() can take a long time with some non-normal inputs | A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service. | Package Name: glib2 | Installed Version: 2.56.4-167.el8_10 | Fixed Version: | References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org gitlab.gnome.org linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov security.gentoo.org security.netapp.com ubuntu.com ubuntu.com www.cve.org |
| LOW | CVE-2023-32636: glib: Timeout in fuzz_variant_text | A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499. | Package Name: glib2 | Installed Version: 2.56.4-167.el8_10 | Fixed Version: | References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com discourse.gnome.org errata.almalinux.org gitlab.gnome.org linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com www.cve.org |
| LOW | CVE-2023-32665: glib: GVariant deserialisation does not match spec for non-normal data | A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. | Package Name: glib2 | Installed Version: 2.56.4-167.el8_10 | Fixed Version: | References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org gitlab.gnome.org linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov security.gentoo.org security.netapp.com ubuntu.com ubuntu.com www.cve.org |
| LOW | CVE-2025-3360: glibc: GLib prior to 2.82.5 is vulnerable to integer overflow and buffer under-read when parsing a very long invalid ISO 8601 timestamp with g_date_time_new_from_iso8601(). | A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function. | Package Name: glib2 | Installed Version: 2.56.4-167.el8_10 | Fixed Version: | References: access.redhat.com bugzilla.redhat.com lists.debian.org nvd.nist.gov www.cve.org |
| LOW | CVE-2025-7039: glib: Buffer Under-read on GLib through glib/gfileutils.c via get_tmp_file() | A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations. | Package Name: glib2 | Installed Version: 2.56.4-167.el8_10 | Fixed Version: | References: access.redhat.com bugzilla.redhat.com nvd.nist.gov www.cve.org |
| LOW | CVE-2022-3219: gnupg: denial of service issue (resource consumption) using compressed packets | GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB. | Package Name: gnupg2 | Installed Version: 2.2.20-3.el8_6 | Fixed Version: | References: access.redhat.com bugzilla.redhat.com dev.gnupg.org dev.gnupg.org marc.info nvd.nist.gov security.netapp.com www.cve.org |
| LOW | CVE-2025-30258: gnupg: verification DoS due to a malicious subkey in the keyring | In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS." | Package Name: gnupg2 | Installed Version: 2.2.20-3.el8_6 | Fixed Version: | References: access.redhat.com dev.gnupg.org dev.gnupg.org lists.gnupg.org nvd.nist.gov ubuntu.com ubuntu.com www.cve.org |
| LOW | CVE-2021-4209: GnuTLS: Null pointer dereference in MD_UPDATE | A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. | Package Name: gnutls | Installed Version: 3.6.16-8.el8_10.4 | Fixed Version: | References: access.redhat.com bugzilla.redhat.com gitlab.com gitlab.com gitlab.com nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com www.cve.org |
| LOW | CVE-2018-1000879: libarchive: NULL pointer dereference in ACL parser resulting in a denial of service | libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in the ACL parser (libarchive/archive_acl.c, archive_acl_from_text_l()) that can result in Crash/DoS. This attack appears to be exploitable if the victim opens a specially crafted archive file. | Package Name: libarchive | Installed Version: 3.3.3-6.el8_10 | Fixed Version: | References: lists.opensuse.org www.securityfocus.com access.redhat.com bugs.launchpad.net github.com github.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov www.cve.org |
| LOW | CVE-2018-1000880: libarchive: Improper input validation in WARC parser resulting in a denial of service | libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in the WARC parser (libarchive/archive_read_support_format_warc.c, _warc_read()) that can result in DoS (quasi-infinite run time and disk usage from a tiny file). This attack appears to be exploitable if the victim opens a specially crafted WARC file. | Package Name: libarchive | Installed Version: 3.3.3-6.el8_10 | Fixed Version: | References: lists.opensuse.org www.securityfocus.com access.redhat.com bugs.launchpad.net github.com github.com lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov ubuntu.com usn.ubuntu.com www.cve.org www.debian.org |
| LOW | CVE-2025-1632: libarchive: null pointer dereference in bsdunzip.c | A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | Package Name: libarchive | Installed Version: 3.3.3-6.el8_10 | Fixed Version: | References: access.redhat.com github.com nvd.nist.gov ubuntu.com vuldb.com vuldb.com vuldb.com www.cve.org |
| LOW | CVE-2025-5915: libarchive: Heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c | A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions. | Package Name: libarchive | Installed Version: 3.3.3-6.el8_10 | Fixed Version: | References: access.redhat.com bugzilla.redhat.com github.com github.com nvd.nist.gov ubuntu.com www.cve.org |
| LOW | CVE-2025-5916: libarchive: Integer overflow while reading warc files at archive_read_support_format_warc.c | A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0. | Package Name: libarchive | Installed Version: 3.3.3-6.el8_10 | Fixed Version: | References: access.redhat.com bugzilla.redhat.com github.com github.com github.com nvd.nist.gov ubuntu.com www.cve.org |
| LOW | CVE-2025-5917: libarchive: Off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c | A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0. | Package Name: libarchive | Installed Version: 3.3.3-6.el8_10 | Fixed Version: | References: access.redhat.com bugzilla.redhat.com github.com github.com nvd.nist.gov ubuntu.com www.cve.org |
| LOW | CVE-2025-5918: libarchive: Reading past EOF may be triggered for piped file streams | A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition. | Package Name: libarchive | Installed Version: 3.3.3-6.el8_10 | Fixed Version: | References: access.redhat.com bugzilla.redhat.com github.com github.com nvd.nist.gov www.cve.org |
| LOW | CVE-2023-27534: curl: SFTP path ~ resolving discrepancy | A path traversal vulnerability exists in the curl <8.0.0 SFTP implementation, which causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user. | Package Name: libcurl | Installed Version: 7.61.1-34.el8_10.9 | Fixed Version: | References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com curl.se errata.almalinux.org hackerone.com linux.oracle.com linux.oracle.com lists.debian.org lists.fedoraproject.org nvd.nist.gov security.gentoo.org security.netapp.com ubuntu.com www.cve.org |
| LOW | CVE-2024-7264: curl: libcurl: ASN.1 date parser overread | libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given a syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used. | Package Name: libcurl | Installed Version: 7.61.1-34.el8_10.9 | Fixed Version: | References: (link list omitted) |
| LOW | CVE-2018-20657: libiberty: Memory leak in demangle_template function resulting in a denial of service | The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698. | Package Name: libgcc | Installed Version: 8.5.0-28.el8_10 | Fixed Version: | References: www.securityfocus.com access.redhat.com access.redhat.com gcc.gnu.org linux.oracle.com linux.oracle.com nvd.nist.gov support.f5.com www.cve.org |
| LOW | CVE-2019-14250: binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow | An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow. | Package Name: libgcc | Installed Version: 8.5.0-28.el8_10 | Fixed Version: | References: lists.opensuse.org lists.opensuse.org lists.opensuse.org lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com gcc.gnu.org gcc.gnu.org nvd.nist.gov security.gentoo.org security.netapp.com ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com www.cve.org |
| LOW | CVE-2022-27943: binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const | libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. | Package Name: libgcc | Installed Version: 8.5.0-28.el8_10 | Fixed Version: | References: access.redhat.com gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org lists.fedoraproject.org nvd.nist.gov sourceware.org www.cve.org |
| LOW | CVE-2025-4878: libssh: Use of uninitialized variable in privatekey_from_file() | A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption. | Package Name: libssh | Installed Version: 0.9.6-16.el8_10 | Fixed Version: | References: access.redhat.com bugzilla.redhat.com git.libssh.org git.libssh.org nvd.nist.gov ubuntu.com ubuntu.com www.cve.org www.libssh.org |
| LOW | CVE-2025-8277: libssh: Memory Exhaustion via Repeated Key Exchange in libssh | A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability. | Package Name: libssh | Installed Version: 0.9.6-16.el8_10 | Fixed Version: | References: access.redhat.com bugzilla.redhat.com nvd.nist.gov www.cve.org |
| LOW | CVE-2025-4878: libssh: Use of uninitialized variable in privatekey_from_file() | A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption. | Package Name: libssh-config | Installed Version: 0.9.6-16.el8_10 | Fixed Version: | References: access.redhat.com bugzilla.redhat.com git.libssh.org git.libssh.org nvd.nist.gov ubuntu.com ubuntu.com www.cve.org www.libssh.org |
| LOW | CVE-2025-8277: libssh: Memory Exhaustion via Repeated Key Exchange in libssh | A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability. | Package Name: libssh-config | Installed Version: 0.9.6-16.el8_10 | Fixed Version: | References: access.redhat.com bugzilla.redhat.com nvd.nist.gov www.cve.org |
| LOW | CVE-2018-20657: libiberty: Memory leak in demangle_template function resulting in a denial of service | The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698. | Package Name: libstdc++ | Installed Version: 8.5.0-28.el8_10 | Fixed Version: | References: www.securityfocus.com access.redhat.com access.redhat.com gcc.gnu.org linux.oracle.com linux.oracle.com nvd.nist.gov support.f5.com www.cve.org |
| LOW | CVE-2019-14250: binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow | An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow. | Package Name: libstdc++ | Installed Version: 8.5.0-28.el8_10 | Fixed Version: | References: lists.opensuse.org lists.opensuse.org lists.opensuse.org lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com gcc.gnu.org gcc.gnu.org nvd.nist.gov security.gentoo.org security.netapp.com ubuntu.com ubuntu.com ubuntu.com usn.ubuntu.com usn.ubuntu.com www.cve.org |
| LOW | CVE-2022-27943: binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const | libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. | Package Name: libstdc++ | Installed Version: 8.5.0-28.el8_10 | Fixed Version: | References: access.redhat.com gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org lists.fedoraproject.org nvd.nist.gov sourceware.org www.cve.org |
| LOW | CVE-2018-1000654: libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion | GNU libtasn1 versions 4.13 and 4.12 contain a DoS: CPU usage reaches 100% when running asn1Parser against the PoC, due to an issue in _asn1_expand_object_id(p_tree); after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file. | Package Name: libtasn1 | Installed Version: 4.13-5.el8_10 | Fixed Version: | References: lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com gitlab.com lists.apache.org nvd.nist.gov ubuntu.com www.cve.org |
| LOW | CVE-2023-45322: libxml2: use-after-free in xmlUnlinkNode() in tree.c | libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail." | Package Name: libxml2 | Installed Version: 2.9.7-21.el8_10.3 | Fixed Version: | References: www.openwall.com access.redhat.com gitlab.gnome.org gitlab.gnome.org lists.debian.org nvd.nist.gov www.cve.org |
| LOW | CVE-2024-34459: libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c | An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c. | Package Name: libxml2 | Installed Version: 2.9.7-21.el8_10.3 | Fixed Version: | References: access.redhat.com gitlab.gnome.org gitlab.gnome.org gitlab.gnome.org lists.debian.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov ubuntu.com ubuntu.com www.cve.org |
| LOW | CVE-2025-27113: libxml2: NULL Pointer Dereference in libxml2 xmlPatMatch | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c. | Package Name: libxml2 | Installed Version: 2.9.7-21.el8_10.3 | Fixed Version: | References: seclists.org seclists.org seclists.org seclists.org seclists.org seclists.org seclists.org seclists.org access.redhat.com gitlab.gnome.org lists.debian.org nvd.nist.gov security.netapp.com ubuntu.com www.cve.org www.openwall.com |
| LOW | CVE-2025-6170: libxml2: Stack Buffer Overflow in xmllint Interactive Shell Command Handling | A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections. | Package Name: libxml2 | Installed Version: 2.9.7-21.el8_10.3 | Fixed Version: | References: access.redhat.com bugzilla.redhat.com gitlab.gnome.org lists.debian.org nvd.nist.gov ubuntu.com www.cve.org |
| LOW | CVE-2021-24032: zstd: Race condition allows attacker to access world-readable destination file | Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties. | Package Name: libzstd | Installed Version: 1.4.4-1.el8 | Fixed Version: | References: access.redhat.com bugs.debian.org github.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org www.facebook.com |
| LOW |
CVE-2018-19211: ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.cIn ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection.Package Name: ncurses-base Installed Version: 6.1-10.20180224.el8 Fixed Version: References: access.redhat.com bugzilla.redhat.com nvd.nist.gov ubuntu.com www.cve.org |
|
| LOW |
CVE-2020-19185: ncurses: Heap buffer overflow in one_one_mapping function in progs/dump_entry.c:1373Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.Package Name: ncurses-base Installed Version: 6.1-10.20180224.el8 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org |
|
| LOW |
CVE-2020-19186: ncurses: Buffer overflow in _nc_find_entry function in tinfo/comp_hash.c:66Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.Package Name: ncurses-base Installed Version: 6.1-10.20180224.el8 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org |
|
| LOW |
CVE-2020-19187: ncurses: Heap buffer overflow in fmt_entry function in progs/dump_entry.c:1100Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.Package Name: ncurses-base Installed Version: 6.1-10.20180224.el8 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org |
|
| LOW |
CVE-2020-19188: ncurses: Stack buffer overflow in fmt_entry function in progs/dump_entry.c:1116Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.Package Name: ncurses-base Installed Version: 6.1-10.20180224.el8 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org |
|
| LOW |
CVE-2020-19189: ncurses: Heap buffer overflow in postprocess_terminfo function in tinfo/parse_entry.c:997Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.Package Name: ncurses-base Installed Version: 6.1-10.20180224.el8 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com github.com lists.debian.org nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2020-19190: ncurses: Heap buffer overflow in _nc_find_entry in tinfo/comp_hash.c:70Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.Package Name: ncurses-base Installed Version: 6.1-10.20180224.el8 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org |
|
| LOW |
CVE-2021-39537: ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.cAn issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.Package Name: ncurses-base Installed Version: 6.1-10.20180224.el8 Fixed Version: References: cvsweb.netbsd.org seclists.org seclists.org seclists.org seclists.org access.redhat.com lists.debian.org lists.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com ubuntu.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2023-50495: ncurses: segmentation fault via _nc_wrap_entry()NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().Package Name: ncurses-base Installed Version: 6.1-10.20180224.el8 Fixed Version: References: access.redhat.com lists.fedoraproject.org lists.fedoraproject.org lists.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2018-19211: ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.cIn ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a "dubious character `*' in name or alias field" detection.Package Name: ncurses-libs Installed Version: 6.1-10.20180224.el8 Fixed Version: References: access.redhat.com bugzilla.redhat.com nvd.nist.gov ubuntu.com www.cve.org |
|
| LOW |
CVE-2020-19185: ncurses: Heap buffer overflow in one_one_mapping function in progs/dump_entry.c:1373Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.Package Name: ncurses-libs Installed Version: 6.1-10.20180224.el8 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org |
|
| LOW |
CVE-2020-19186: ncurses: Buffer overflow in _nc_find_entry function in tinfo/comp_hash.c:66Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.Package Name: ncurses-libs Installed Version: 6.1-10.20180224.el8 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org |
|
| LOW |
CVE-2020-19187: ncurses: Heap buffer overflow in fmt_entry function in progs/dump_entry.c:1100Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.Package Name: ncurses-libs Installed Version: 6.1-10.20180224.el8 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org |
|
| LOW |
CVE-2020-19188: ncurses: Stack buffer overflow in fmt_entry function in progs/dump_entry.c:1116Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.Package Name: ncurses-libs Installed Version: 6.1-10.20180224.el8 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org |
|
| LOW |
CVE-2020-19189: ncurses: Heap buffer overflow in postprocess_terminfo function in tinfo/parse_entry.c:997Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.Package Name: ncurses-libs Installed Version: 6.1-10.20180224.el8 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com github.com lists.debian.org nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2020-19190: ncurses: Heap buffer overflow in _nc_find_entry in tinfo/comp_hash.c:70Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.Package Name: ncurses-libs Installed Version: 6.1-10.20180224.el8 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com github.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org |
|
| LOW |
CVE-2021-39537: ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.cAn issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.Package Name: ncurses-libs Installed Version: 6.1-10.20180224.el8 Fixed Version: References: cvsweb.netbsd.org seclists.org seclists.org seclists.org seclists.org access.redhat.com lists.debian.org lists.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com ubuntu.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2023-50495: ncurses: segmentation fault via _nc_wrap_entry()NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().Package Name: ncurses-libs Installed Version: 6.1-10.20180224.el8 Fixed Version: References: access.redhat.com lists.fedoraproject.org lists.fedoraproject.org lists.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com ubuntu.com www.cve.org |
|
| LOW |
CVE-2023-0464: openssl: Denial of service by excessive resource usage in verifying X509 policy constraintsA security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.Package Name: openssl-libs Installed Version: 1:1.1.1k-14.el8_6 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org git.openssl.org git.openssl.org git.openssl.org git.openssl.org linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov security.gentoo.org security.netapp.com security.netapp.com ubuntu.com ubuntu.com www.couchbase.com www.cve.org www.debian.org www.openssl.org |
|
| LOW |
CVE-2023-0465: openssl: Invalid certificate policies in leaf certificates are silently ignoredApplications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.Package Name: openssl-libs Installed Version: 1:1.1.1k-14.el8_6 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org git.openssl.org git.openssl.org git.openssl.org git.openssl.org linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov security.gentoo.org security.netapp.com ubuntu.com ubuntu.com www.cve.org www.debian.org www.openssl.org |
|
| LOW |
CVE-2023-2650: openssl: Possible DoS translating ASN.1 object identifiersIssue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit. OBJ_obj2txt() may be used to translate an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL type ASN1_OBJECT) to its canonical numeric text form, which are the sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by periods. When one of the sub-identifiers in the OBJECT IDENTIFIER is very large (these are sizes that are seen as absurdly large, taking up tens or hundreds of KiBs), the translation to a decimal number in text may take a very long time. The time complexity is O(n^2) with 'n' being the size of the sub-identifiers in bytes (*). With OpenSSL 3.0, support to fetch cryptographic algorithms using names / identifiers in string form was introduced. This includes using OBJECT IDENTIFIERs in canonical numeric text form as identifiers for fetching algorithms. Such OBJECT IDENTIFIERs may be received through the ASN.1 structure AlgorithmIdentifier, which is commonly used in multiple protocols to specify what cryptographic algorithm should be used to sign or verify, encrypt or decrypt, or digest passed data. Applications that call OBJ_obj2txt() directly with untrusted data are affected, with any version of OpenSSL. If the use is for the mere purpose of display, the severity is considered low. In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS. 
It also impacts anything that processes X.509 certificates, including simple things like verifying its signature. The impact on TLS is relatively low, because all versions of OpenSSL have a 100KiB limit on the peer's certificate chain. Additionally, this only impacts clients, or servers that have explicitly enabled client authentication. In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, such as X.509 certificates. This is assumed to not happen in such a way that it would cause a Denial of Service, so these versions are considered not affected by this issue in such a way that it would be cause for concern, and the severity is therefore considered low.Package Name: openssl-libs Installed Version: 1:1.1.1k-14.el8_6 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org git.openssl.org git.openssl.org git.openssl.org git.openssl.org linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov psirt.global.sonicwall.com security.gentoo.org security.netapp.com security.netapp.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com www.cve.org www.debian.org www.openssl.org |
|
| LOW |
CVE-2024-0727: openssl: denial of service via null dereferenceIssue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.Package Name: openssl-libs Installed Version: 1:1.1.1k-14.el8_6 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com github.com github.com github.com github.com github.openssl.org github.openssl.org linux.oracle.com linux.oracle.com lists.debian.org lists.debian.org nvd.nist.gov security.netapp.com security.netapp.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com ubuntu.com www.cve.org www.openssl.org |
|
| LOW |
CVE-2024-13176: openssl: Timing side-channel in ECDSA signature computationIssue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would require either local access to the signing application or a very fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This can happen with significant probability only for some of the supported elliptic curves. In particular the NIST P-521 curve is affected. To be able to measure this leak, the attacker process must either be located in the same physical computer or must have a very fast network connection with low latency. For that reason the severity of this vulnerability is Low. The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.Package Name: openssl-libs Installed Version: 1:1.1.1k-14.el8_6 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com 
bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org 
cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com github.com github.com github.openssl.org github.openssl.org linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov openssl-library.org security.netapp.com security.netapp.com security.netapp.com ubuntu.com ubuntu.com ubuntu.com www.cve.org www.oracle.com |
|
| LOW |
CVE-2024-2511: openssl: Unbounded memory growth with session handling in TLSv1.3Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue.Package Name: openssl-libs Installed Version: 1:1.1.1k-14.el8_6 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com github.openssl.org linux.oracle.com linux.oracle.com lists.debian.org lists.debian.org nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com www.cve.org www.openssl.org www.openssl.org |
|
| LOW |
CVE-2024-41996: openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculationsValidating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.Package Name: openssl-libs Installed Version: 1:1.1.1k-14.el8_6 Fixed Version: References: access.redhat.com dheatattack.gitlab.io dheatattack.gitlab.io gist.github.com github.com github.com nvd.nist.gov openssl-library.org www.cve.org |
|
| LOW |
CVE-2024-4741: openssl: Use After Free with SSL_free_buffersIssue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, only applications that directly call the SSL_free_buffers function are affected by this issue. Applications that do not call this function are not vulnerable. Our investigations indicate that this function is rarely used by applications. The SSL_free_buffers function is used to free the internal OpenSSL buffer used when processing an incoming record from the network. The call is only expected to succeed if the buffer is not currently in use. However, two scenarios have been identified where the buffer is freed even when still in use. The first scenario occurs where a record header has been received from the network and processed by OpenSSL, but the full record body has not yet arrived. In this case calling SSL_free_buffers will succeed even though a record has only been partially processed and the buffer is still in use. The second scenario occurs where a full record containing application data has been received and processed by OpenSSL but the application has only read part of this data. Again a call to SSL_free_buffers will succeed even though the buffer is still in use. While these scenarios could occur accidentally during normal operation a malicious attacker could attempt to engineer a stituation where this occurs. We are not aware of this issue being actively exploited. 
The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.Package Name: openssl-libs Installed Version: 1:1.1.1k-14.el8_6 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com github.com github.openssl.org linux.oracle.com linux.oracle.com lists.debian.org lists.debian.org nvd.nist.gov security.netapp.com ubuntu.com ubuntu.com www.cve.org www.openssl.org |
|
| LOW |
CVE-2022-41409: pcre2: negative repeat value in a pcre2test subject line leads to inifinite loopInteger overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.Package Name: pcre2 Installed Version: 10.32-3.el8_6 Fixed Version: References: access.redhat.com github.com github.com github.com nvd.nist.gov www.cve.org |
|
| LOW |
CVE-2019-19244: sqlite: allows a crash if a sub-select uses both DISTINCT and window functions and also has certain ORDER BY usagesqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.Package Name: sqlite-libs Installed Version: 3.26.0-20.el8_10 Fixed Version: References: access.redhat.com cert-portal.siemens.com github.com nvd.nist.gov ubuntu.com usn.ubuntu.com www.cve.org www.oracle.com |
|
| LOW |
CVE-2019-9936: sqlite: heap-based buffer over-read in function fts5HashEntrySort in sqlite3.cIn SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.Package Name: sqlite-libs Installed Version: 3.26.0-20.el8_10 Fixed Version: References: lists.opensuse.org www.securityfocus.com access.redhat.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.gentoo.org security.netapp.com sqlite.org ubuntu.com usn.ubuntu.com www.cve.org www.mail-archive.com www.mail-archive.com www.mail-archive.com www.mail-archive.com www.oracle.com www.oracle.com |
|
| LOW |
CVE-2019-9937: sqlite: null-pointer dereference in function fts5ChunkIterate in sqlite3.cIn SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.Package Name: sqlite-libs Installed Version: 3.26.0-20.el8_10 Fixed Version: References: lists.opensuse.org www.securityfocus.com access.redhat.com lists.debian.org lists.fedoraproject.org lists.fedoraproject.org nvd.nist.gov security.gentoo.org security.netapp.com sqlite.org ubuntu.com usn.ubuntu.com www.cve.org www.mail-archive.com www.mail-archive.com www.mail-archive.com www.mail-archive.com www.oracle.com www.oracle.com |
|
| LOW |
CVE-2024-0232: sqlite: use-after-free bug in jsonParseAddNodeArrayA heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.Package Name: sqlite-libs Installed Version: 3.26.0-20.el8_10 Fixed Version: References: access.redhat.com bugzilla.redhat.com lists.fedoraproject.org nvd.nist.gov security.netapp.com www.cve.org |
|
| LOW |
CVE-2021-3997: systemd: Uncontrolled recursion in systemd-tmpfiles when removing filesA flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.Package Name: systemd-libs Installed Version: 239-82.el8_10.8 Fixed Version: References: access.redhat.com bugzilla.redhat.com github.com nvd.nist.gov security.gentoo.org ubuntu.com www.cve.org www.openwall.com |
|
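Every entry above has an empty Fixed Version, and the CVE texts quote upstream ranges ("before 2.11.8") that say nothing about a RHEL build such as 2.9.7-21.el8_10.3, where fixes are backported into the release number. The check that matters when triaging such a table is whether the installed RPM EVR (epoch:version-release) is at or above the vendor's fixed EVR from the access.redhat.com advisory, compared with rpm's own ordering rules rather than a naive string or float comparison. The helper below is an added example, not Cloudsmith's, Trivy's or Kurrent's code: it parses lines in the "CVE-...: ... Package Name: X Installed Version: Y Fixed Version: Z References: ..." form shown on this page, implements rpm's rpmvercmp() ordering (numeric runs, alphabetic runs, tilde and caret), and classifies each entry. The sample report lines and the fixed EVR in the third one are constructed for the example.

```python
"""Triage helper for a scan table like the one above (added example, not Cloudsmith's,
Trivy's or Kurrent's code).  Compares installed vs fixed RPM EVRs with rpm's rpmvercmp()
rules; the upstream ranges in the CVE prose are deliberately ignored because RHEL
backports fixes into the release field (e.g. 2.9.7-21.el8_10.x)."""
import re
from typing import Callable, List, Tuple

# One table entry as flattened on the page; "Fixed Version:" may be empty.
ENTRY_RE = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d{4,}): (?P<title>.*?)\s*Package Name: (?P<pkg>\S+) "
    r"Installed Version: (?P<installed>\S+) Fixed Version: ?(?P<fixed>\S*?) ?References:"
)


def _take(s: str, start: int, pred: Callable[[str], bool]) -> str:
    """Longest run of characters satisfying pred, starting at s[start]."""
    end = start
    while end < len(s) and pred(s[end]):
        end += 1
    return s[start:end]


def rpmvercmp(a: str, b: str) -> int:
    """rpm's rpmvercmp(): -1, 0 or 1.  Digit runs compare numerically, letter runs as
    strings, a digit run beats a letter run, '~' sorts before anything (pre-releases)
    and '^' sorts after end-of-string but before anything else (post-release snapshots)."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not (a[i].isalnum() or a[i] in "~^"):
            i += 1                                   # skip separators such as '.', '_', '+'
        while j < len(b) and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if "~" in (ca, cb):
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if "^" in (ca, cb):
            if ca == "" or cb == "":
                return -1 if ca == "" else 1
            if ca != "^" or cb != "^":
                return 1 if ca != "^" else -1
            i, j = i + 1, j + 1
            continue
        if ca == "" or cb == "":
            break
        isnum = ca.isdigit()
        pred = str.isdigit if isnum else str.isalpha
        sa, sb = _take(a, i, pred), _take(b, j, pred)
        if not sb:                                   # b's run is of the other kind
            return 1 if isnum else -1
        rc = (int(sa) > int(sb)) - (int(sa) < int(sb)) if isnum else (sa > sb) - (sa < sb)
        if rc:
            return rc
        i, j = i + len(sa), j + len(sb)
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1


def parse_evr(evr: str) -> Tuple[int, str, str]:
    """Split 'epoch:version-release' (epoch and release optional) into its parts."""
    epoch = 0
    if ":" in evr:
        e, evr = evr.split(":", 1)
        epoch = int(e)
    version, _, release = evr.rpartition("-")
    if not version:                                  # no '-': rpartition put it all in release
        version, release = release, ""
    return epoch, version, release


def compare_evr(x: str, y: str) -> int:
    """Order two EVRs: epoch first, then version, then release."""
    ex, vx, rx = parse_evr(x)
    ey, vy, ry = parse_evr(y)
    if ex != ey:
        return 1 if ex > ey else -1
    return rpmvercmp(vx, vy) or rpmvercmp(rx, ry)


def triage(report_lines: List[str]) -> List[dict]:
    """Classify each entry as NO_FIX_LISTED, PATCHED or UPDATE from its EVRs alone."""
    rows = []
    for line in report_lines:
        m = ENTRY_RE.match(line)
        if not m:
            continue
        fixed = m["fixed"]
        if not fixed:
            status = "NO_FIX_LISTED"      # consult the vendor advisory; do not assume unpatched
        elif compare_evr(m["installed"], fixed) >= 0:
            status = "PATCHED"
        else:
            status = "UPDATE"
        rows.append({"cve": m["cve"], "package": m["pkg"], "installed": m["installed"],
                     "fixed": fixed, "status": status})
    return rows


# Constructed sample: two lines abbreviated from the table above, plus one made-up entry
# whose fixed EVR exists only to exercise the comparison.
SAMPLE_REPORT = [
    "CVE-2024-34459: libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c "
    "Package Name: libxml2 Installed Version: 2.9.7-21.el8_10.3 Fixed Version: References: access.redhat.com",
    "CVE-2024-0727: openssl: denial of service via null dereference "
    "Package Name: openssl-libs Installed Version: 1:1.1.1k-14.el8_6 Fixed Version: References: access.redhat.com",
    "CVE-0000-0000: example: constructed entry "
    "Package Name: openssl-libs Installed Version: 1:1.1.1k-14.el8_6 Fixed Version: 1:1.1.1k-15.el8_6 References: example.invalid",
]

if __name__ == "__main__":
    for row in triage(SAMPLE_REPORT):
        print(f"{row['cve']:16} {row['package']:14} {row['installed']:22} {row['status']}")
```

The tilde and caret rules matter in practice: a pre-release like 1.0~rc1 must sort below 1.0, and a snapshot like 1.0^git1 must sort above 1.0 but below 1.0.1, which neither a plain string compare nor Python's packaging versions get right for RPM release strings.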
These instructions assume you have set up the repository first (or read it).
To pull kurrentdb-rhel8 @ reference/tag sha256:4b35fa2fb4bc5f26b5eb9d4497d90a99fafc1f5b3fed2f29aac4cc3d602020fe:
docker pull docker.eventstore.com/kurrent-latest/kurrentdb-rhel8@sha256:4b35fa2fb4bc5f26b5eb9d4497d90a99fafc1f5b3fed2f29aac4cc3d602020fe
You can also pull the latest version of this image (if it exists):
docker pull docker.eventstore.com/kurrent-latest/kurrentdb-rhel8:latest
To refer to this image after pulling in a Dockerfile, specify the following:
FROM docker.eventstore.com/kurrent-latest/kurrentdb-rhel8@sha256:4b35fa2fb4bc5f26b5eb9d4497d90a99fafc1f5b3fed2f29aac4cc3d602020fe
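The scan results on this page apply to one specific image digest; the :latest tag can be repointed to a different image after the scan ran, which is why the FROM line above carries the @sha256 digest. The following is an added example (not Cloudsmith's or Kurrent's code) of a CI guard that rejects unpinned FROM lines, skipping multi-stage references to a previously declared AS stage and FROM flags such as --platform. The sample Dockerfile is constructed for the example; its first line reuses the pinned reference shown on this page.

```python
"""Added example (not Cloudsmith's or Kurrent's code): flag Dockerfile FROM lines whose
image reference is not pinned by an @sha256 digest."""
import re
from typing import List

# A pinned reference ends in @sha256: followed by exactly 64 lowercase hex digits.
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")


def unpinned_from_lines(dockerfile: str) -> List[str]:
    """Return every FROM line that does not reference an image by digest.

    FROM <stage> lines that reuse a stage declared earlier with AS are not image pulls
    and are skipped; flags such as --platform=... are not the image reference."""
    stages = set()
    bad = []
    for raw in dockerfile.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0].upper() != "FROM":
            continue
        args = [t for t in tokens[1:] if not t.startswith("--")]
        if not args:                                   # "FROM" with no reference at all
            bad.append(raw.strip())
            continue
        ref = args[0]
        if ref not in stages and not DIGEST_RE.search(ref):
            bad.append(raw.strip())
        if len(args) >= 3 and args[1].upper() == "AS":
            stages.add(args[2])                        # later "FROM <stage>" is fine
    return bad


# Constructed sample Dockerfile; only the second FROM should be reported.
SAMPLE_DOCKERFILE = """\
# constructed sample: first line is the digest-pinned reference from this page
FROM docker.eventstore.com/kurrent-latest/kurrentdb-rhel8@sha256:4b35fa2fb4bc5f26b5eb9d4497d90a99fafc1f5b3fed2f29aac4cc3d602020fe AS base
FROM --platform=linux/amd64 docker.eventstore.com/kurrent-latest/kurrentdb-rhel8:latest AS floating
FROM base
"""

if __name__ == "__main__":
    for line in unpinned_from_lines(SAMPLE_DOCKERFILE):
        print("unpinned:", line)
```

Run it against each Dockerfile in the build and fail the pipeline if the list is non-empty; a digest that later needs updating is changed deliberately in a reviewed commit rather than silently by the registry.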