Cloudsmith - Repositories - Kurrent (eventstore) - kurrent-latest (kurrent-latest) - kurrentdb

Package Search Help

You can use boolean logic (e.g. AND/OR/NOT) for complex search queries. For more help and examples, see the search documentation.

Search by package name:
my-package _(implicit)
name:my-package _(explicit)

Search by package filename:
filename:my-package.ext

Search by package tag:
tag:latest

Search by package version:
version:1.0.0 prerelease:true _{(prereleases)}
prerelease:false _{(no prereleases)}

Search by package architecture:
architecture:x86_64

Search by package distribution:
distribution:el

Search by package license:
license:MIT

Search by package format:
format:deb

Search by package status:
status:in_progress

Search by package file checksum:
checksum:5afba

Search by package security status:
severity:critical

Search by package vulnerabilities:
vulnerabilities:>1
vulnerabilities:<1000

Search by # of package downloads:
downloads:>8
downloads:<100

Search by package type:
type:binary
type:source

Search by package size (bytes):
size:>50000
size:<10000

Search by dependency name/version:
dependency:log4j
dependency:log4j=1.0.0
dependency:log4j>1.0.0

Search by uploaded date:
uploaded:>"1 day ago"
uploaded:<"August 14, 2022 EST"

Search by entitlement token (identifier):
entitlement:3lKPVJPosCsY

Search by policy violation:
policy_violated:true
deny_policy_violated:true
license_policy_violated:true
vulnerability_policy_violated:true

Search by repository:
repository:repo-name

Search by last download date:
last_downloaded:<"30 days ago"
last_downloaded:>"August 14, 2022 EST"

Search queries for all Debian-specific (and related) package types

Search by component:
deb_component:unstable

Search queries for all Maven-specific (and related) package types

Search by group ID:
maven_group_id:org.apache

Search queries for all Docker-specific (and related) package types

Search by image digest:
docker_image_digest:sha256:7c5..6d4
(full hashref only)

Search by layer digest:
docker_layer_digest:sha256:4c4..ae4
(full hashref only)

Search queries for all Generic-specific package types

Search by file path:
generic_filepath:path/to/file.txt

Search by directory:
generic_directory:path/to

Field type modifiers (depending on the type, you can influence behaviour)

For all queries, you can use:
~foo for negation

For string queries, you can use:
^foo to anchor to start of term
foo$ to anchor to end of term
foo*bar for fuzzy matching

For number/date or version queries, you can use:
>foo for values greater than
>=foo for values greater / equal
<foo for values less than
<=foo for values less / equal

Need a secure and centralised artifact repository to deliver Alpine, Cargo, CocoaPods, Composer, Conan, Conda, CRAN, Dart, Debian, Docker, Generic, Go, Helm, Hex, HuggingFace, LuaRocks, Maven, MCP, npm, NuGet, P2, Python, RedHat, Ruby, Swift, Terraform, Vagrant, VSX, Raw & More packages?

Cloudsmith is the new standard in Package / Artifact Management and Software Distribution.

With support for all major package formats, you can trust us to manage your software supply chain.

Start My Free Trial

Set Me Up

Public — eventstore (Kurrent) / kurrent-latest

A certifiably-awesome public package repository curated by Kurrent, hosted by Cloudsmith.

kurrentdb 25.1.4-x64-8.0-bookworm-slim

Download

One-liner (summary)

A certifiably-awesome package curated by trainstation, hosted by Cloudsmith.

Description

A certifiably-awesome package curated by trainstation, hosted by Cloudsmith.

License

Unknown

Size

338.1 MB

Downloads

Status	Completed
Checksum (MD5)	bbe1b0ca76ba4780a3b7443f81b46ef8
Checksum (SHA-1)	988cd5f3ad0b014c7dbf47fa08fef063b48932d9
Checksum (SHA-256)	fba37b5d1e26574b8f83018753a004998419886b3b0bbda9be542b3ffd3fd77c
Checksum (SHA-512)	a74a63ec066685dfa31721640024458b168482c2f41b1632768078c9ae9c7d4a89…
GPG Signature	Download
GPG Fingerprint	02a89004460aa252035d6b7d094442d90ad50bcd
Storage Region	Dublin, Ireland
Type	Binary (contains binaries and binary artifacts)
Uploaded At	2 months, 1 week ago
Uploaded By
Slug Id	kurrentdb-hmn0
Unique Id	M3d4HAEbKIQx
Version (Raw)	25.1.4-x64-8.0-bookworm-slim
Version (Parsed)	Major: 25 Minor: 1 Patch: 4 Pre (Str): xbookwormslim Pre (Num Array): 64.8.0 Type: SemVer (Strict)
Orig Version (Raw)	fba37b5d1e26574b8f83018753a004998419886b3b0bbda9be542b3ffd3fd77c
Orig Version (Parsed)	Type: Unknown
	docker-specific metadata
Image Digest	sha256:fba37b5d1e26574b8f83018753a004998419886b3b0bbda9be542b3ffd3fd77c
Config Digest	sha256:883226f56a796dfb4a7cc1056dde4be3fcfe95e76ac18f2523dbe7021c9c7f61
V1 OCI Index Digest	sha256:e2c6c58a0f3f6d95cf30500ce59755c2227863a2e75e4cdbb42eb24d2a896712
V1 Distribution (Signed) Digest	sha256:b1534a4bb5e27590ae7952843a7ff7be141a3c036271f4c822fce92eaab49aa8
V1 OCI Digest	sha256:38eb336f646236fe4da532ba42c1b0813bb605af47742fd5ff081f1ed2b53d6c
V2 Distribution List Digest	sha256:6944d941fca0c076124571627ae3177ac5198630f9c1a3a146cb569026765130
V1 Distribution Digest	sha256:3e0949369755f09e0b5ec7a7ba6a731c2fa676347c4606d2096f2f8a6f1158a5
V2 Distribution Digest	sha256:fba37b5d1e26574b8f83018753a004998419886b3b0bbda9be542b3ffd3fd77c
	extended metadata
Manifest Type	V2 Distribution
Architecture	amd64
Config	Entrypoint /opt/kurrentdb/kurrentd Env ACCEPT_EULA=Y \| APP_UID=1654 \| ASPNETCORE_HTTP_PORTS=8080 \| DEBIAN_FRONTEND=noninteractive \| DOTNET_RUNNING_IN_CONTAINER=true \| LANGUAGE=en_US:en \| PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin Exposed Ports 1112/tcp \| 1113/tcp \| 2113/tcp Healthcheck Interval 5000000000 Retries 24 Test CMD-SHELL \| curl --fail --insecure https://localhost:2113/health/live \|\| curl --fail http://localhost:2113/health/live \|\| exit 1 Timeout 5000000000 User kurrent Volumes /var/lib/kurrentdb \| /var/log/kurrentdb Working Dir /opt/kurrentdb
Created	2026-02-23 13:28:12 UTC
Os	linux

Newer	kurrentdb 26.1	image amd64 linux 26.1.0-x64-10.0-nob… b5e1563a-6a74-4754-… 26.1.0 latest 242.1 MB — 6 days ago	32
Newer	kurrentdb 26.0.2	image amd64 linux 26.0.2-x64-10.0-nob… e6324a21-f867-4941-… 26.0 lts 238.3 MB — 1 month, 3 weeks ago	30900
Newer	kurrentdb 26.0.1	image amd64 linux 26.0.1-x64-10.0-nob… ff541ec3-69d4-47d1-… 245.6 MB — 2 months, 4 weeks ago	17212
Newer	kurrentdb 26.0.0	image amd64 linux 26.0.0-x64-10.0-nob… 048218d3-0542-472c-… 236.9 MB — 3 months, 2 weeks ago	5512
Newer	kurrentdb 25.1.4	image amd64 linux 25.1.4-x64-8.0-jammy 7f654902-d1ca-4426-… 25.1 369.5 MB — 2 months, 1 week ago	5116
	kurrentdb 25.1.4-x64-8.0-bookworm-slim	image amd64 linux b000e3ca-fae4-450b-… 338.1 MB — 2 months, 1 week ago	8
Older	kurrentdb 25.1.3	image amd64 linux 25.1.3-x64-8.0-jammy c531ca8e-161c-4beb-… 376.1 MB — 2 months, 4 weeks ago	769
Older	kurrentdb 25.1.3-x64-8.0-bookworm-slim	image amd64 linux 09c3bbb3-1ce3-417b-… 337.0 MB — 2 months, 4 weeks ago	7
Older	kurrentdb 25.1.1	image amd64 linux 25.1.1-x64-8.0-jammy eb074e71-9c9d-4dc1-… 365.0 MB — 5 months, 2 weeks ago	13730
Older	kurrentdb 25.1.1-x64-8.0-bookworm-slim	image amd64 linux e57bc875-f1ce-483e-… 335.2 MB — 5 months, 2 weeks ago	9
Older	kurrentdb 25.1.0	image amd64 linux 25.1.0-x64-8.0-jammy 64565ee6-7682-4567-… 364.3 MB — 6 months, 2 weeks ago	4428
Older	kurrentdb 25.1.0-x64-8.0-bookworm-slim	image amd64 linux 775f754f-ccc3-4379-… 335.1 MB — 6 months, 2 weeks ago	466
Older	kurrentdb 25.0.1	image amd64 linux 25.0.1-x64-8.0-jammy 65fc4013-6f2b-434f-… 25.0 333.4 MB — 11 months, 2 weeks ago	11030
Older	kurrentdb 25.0.1-x64-8.0-bookworm-slim	image amd64 linux fe0a2d9b-1158-4ead-… 313.2 MB — 11 months, 2 weeks ago	460
Older	kurrentdb 25.0.0	image amd64 linux 25.0.0-x64-8.0-jammy 1f96d4a4-834d-490f-… 332.1 MB — 1 year, 1 month ago	4206
Older	kurrentdb 25.0.0-x64-8.0-bookworm-slim	image amd64 linux 5ede3b62-e3a8-4805-… 308.3 MB — 1 year, 1 month ago	593

Last scanned

2 months, 1 week ago

Scan result

Vulnerable

Vulnerability count

Max. severity

Critical

Target:	M3d4HAEbKIQx.sbom-cyclonedx.json (debian 12.13)
CRITICAL	CVE-2023-45853: zlib: integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6 MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API. Package Name: zlib1g Installed Version: 1:1.2.13.dfsg-1 Fixed Version: References: www.openwall.com www.openwall.com access.redhat.com chromium.googlesource.com chromium.googlesource.com github.com github.com github.com github.com github.com lists.debian.org nvd.nist.gov pypi.org security.gentoo.org security.netapp.com security.netapp.com ubuntu.com www.cve.org www.winimage.com
HIGH	CVE-2026-0861: glibc: Integer overflow in memalign leads to heap corruption Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments. Package Name: libc-bin Installed Version: 2.36-9+deb12u13 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov sourceware.org sourceware.org ubuntu.com www.cve.org
HIGH	CVE-2026-0861: glibc: Integer overflow in memalign leads to heap corruption Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments. Package Name: libc6 Installed Version: 2.36-9+deb12u13 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov sourceware.org sourceware.org ubuntu.com www.cve.org
HIGH	CVE-2023-2953: openldap: null pointer dereference in ber_memalloc_x function A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function. Package Name: libldap-2.5-0 Installed Version: 2.5.13+dfsg-5 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com access.redhat.com bugs.openldap.org bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com ubuntu.com ubuntu.com www.cve.org
HIGH	CVE-2023-2953: openldap: null pointer dereference in ber_memalloc_x function A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function. Package Name: libldap-common Installed Version: 2.5.13+dfsg-5 Fixed Version: References: seclists.org seclists.org seclists.org access.redhat.com access.redhat.com bugs.openldap.org bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com ubuntu.com ubuntu.com www.cve.org
MEDIUM	CVE-2025-14104: util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database. Package Name: bsdutils Installed Version: 1:2.38.1-5+deb12u3 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org
MEDIUM	CVE-2025-10148: curl: predictable WebSocket mask curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy. Package Name: curl Installed Version: 7.88.1-10+deb12u14 Fixed Version: References: www.openwall.com www.openwall.com www.openwall.com access.redhat.com curl.se curl.se hackerone.com nvd.nist.gov www.cve.org
MEDIUM	CVE-2025-30258: gnupg: verification DoS due to a malicious subkey in the keyring In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS." Package Name: gpgv Installed Version: 2.2.40-1.1+deb12u2 Fixed Version: References: access.redhat.com dev.gnupg.org dev.gnupg.org lists.gnupg.org nvd.nist.gov ubuntu.com ubuntu.com www.cve.org
MEDIUM	CVE-2025-68972: gnupg: GnuPG: Signature bypass via form feed character in signed messages In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an "invalid armor" message is printed during verification). This is related to use of \f as a marker to denote truncation of a long plaintext line. Package Name: gpgv Installed Version: 2.2.40-1.1+deb12u2 Fixed Version: References: access.redhat.com gpg.fail media.ccc.de news.ycombinator.com nvd.nist.gov www.cve.org
MEDIUM	CVE-2025-14104: util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database. Package Name: libblkid1 Installed Version: 2.38.1-5+deb12u3 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org
MEDIUM	CVE-2025-15281: glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process. Package Name: libc-bin Installed Version: 2.36-9+deb12u13 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org linux.oracle.com linux.oracle.com nvd.nist.gov sourceware.org ubuntu.com www.cve.org www.openwall.com
MEDIUM	CVE-2026-0915: glibc: glibc: Information disclosure via zero-valued network query Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver. Package Name: libc-bin Installed Version: 2.36-9+deb12u13 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov sourceware.org ubuntu.com www.cve.org www.openwall.com
MEDIUM	CVE-2025-15281: glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process. Package Name: libc6 Installed Version: 2.36-9+deb12u13 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com errata.almalinux.org linux.oracle.com linux.oracle.com nvd.nist.gov sourceware.org ubuntu.com www.cve.org www.openwall.com
MEDIUM	CVE-2026-0915: glibc: glibc: Information disclosure via zero-valued network query Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver. Package Name: libc6 Installed Version: 2.36-9+deb12u13 Fixed Version: References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov sourceware.org ubuntu.com www.cve.org www.openwall.com
MEDIUM	CVE-2025-10148: curl: predictable WebSocket mask curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy. Package Name: libcurl4 Installed Version: 7.88.1-10+deb12u14 Fixed Version: References: www.openwall.com www.openwall.com www.openwall.com access.redhat.com curl.se curl.se hackerone.com nvd.nist.gov www.cve.org
MEDIUM	CVE-2025-14104: util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database. Package Name: libmount1 Installed Version: 2.38.1-5+deb12u3 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org
MEDIUM	CVE-2024-10041: pam: libpam: Libpam vulnerable to read hashed password A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications. Package Name: libpam-modules Installed Version: 1.5.2-6+deb12u2 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org
MEDIUM	CVE-2024-10041: pam: libpam: Libpam vulnerable to read hashed password A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications. Package Name: libpam-modules-bin Installed Version: 1.5.2-6+deb12u2 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org
MEDIUM	CVE-2024-10041: pam: libpam: Libpam vulnerable to read hashed password A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications. Package Name: libpam-runtime Installed Version: 1.5.2-6+deb12u2 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org
MEDIUM	CVE-2024-10041: pam: libpam: Libpam vulnerable to read hashed password A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications. Package Name: libpam0g Installed Version: 1.5.2-6+deb12u2 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org
MEDIUM	CVE-2025-14104: util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database. Package Name: libsmartcols1 Installed Version: 2.38.1-5+deb12u3 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org
MEDIUM	CVE-2025-13151: libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1_expend_octet_string. Package Name: libtasn1-6 Installed Version: 4.19.0-2+deb12u1 Fixed Version: References: www.openwall.com access.redhat.com gitlab.com gitlab.com nvd.nist.gov ubuntu.com ubuntu.com www.cve.org www.kb.cert.org
MEDIUM	CVE-2023-50495: ncurses: segmentation fault via _nc_wrap_entry() NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry(). Package Name: libtinfo6 Installed Version: 6.4-4 Fixed Version: References: access.redhat.com lists.fedoraproject.org lists.fedoraproject.org lists.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com ubuntu.com www.cve.org
MEDIUM	CVE-2025-14104: util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database. Package Name: libuuid1 Installed Version: 2.38.1-5+deb12u3 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org
MEDIUM	CVE-2025-14104: util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database. Package Name: mount Installed Version: 2.38.1-5+deb12u3 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org
MEDIUM	CVE-2023-50495: ncurses: segmentation fault via _nc_wrap_entry() NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry(). Package Name: ncurses-base Installed Version: 6.4-4 Fixed Version: References: access.redhat.com lists.fedoraproject.org lists.fedoraproject.org lists.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com ubuntu.com www.cve.org
MEDIUM	CVE-2023-50495: ncurses: segmentation fault via _nc_wrap_entry() NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry(). Package Name: ncurses-bin Installed Version: 6.4-4 Fixed Version: References: access.redhat.com lists.fedoraproject.org lists.fedoraproject.org lists.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com ubuntu.com www.cve.org
MEDIUM	CVE-2025-14104: util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database. Package Name: util-linux Installed Version: 2.38.1-5+deb12u3 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org
MEDIUM	CVE-2025-14104: util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database. Package Name: util-linux-extra Installed Version: 2.38.1-5+deb12u3 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org
MEDIUM	CVE-2026-27171: zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition. Package Name: zlib1g Installed Version: 1:1.2.13.dfsg-1 Fixed Version: References: 7asecurity.com 7asecurity.com access.redhat.com github.com github.com nvd.nist.gov ostif.org www.cve.org
LOW	CVE-2011-3374: It was found that apt-key in apt, all versions, do not correctly valid ... It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack. Package Name: apt Installed Version: 2.6.1 Fixed Version: References: access.redhat.com bugs.debian.org people.canonical.com seclists.org security-tracker.debian.org snyk.io ubuntu.com
LOW	TEMP-0841856-B18BAF: [Privilege escalation possible to other user than root] Package Name: bash Installed Version: 5.2.15-2+b10 Fixed Version: References:
LOW	CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. Package Name: bsdutils Installed Version: 1:2.38.1-5+deb12u3 Fixed Version: References: access.redhat.com blog.trailofbits.com lore.kernel.org lore.kernel.org nvd.nist.gov security.gentoo.org security.netapp.com www.cve.org
LOW	CVE-2016-2781: coreutils: Non-privileged session can escape to the parent session in chroot chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. Package Name: coreutils Installed Version: 9.1-1 Fixed Version: References: seclists.org www.openwall.com www.openwall.com access.redhat.com lists.apache.org lore.kernel.org mirrors.edge.kernel.org nvd.nist.gov www.cve.org
LOW	CVE-2017-18018: coreutils: race condition vulnerability in chown and chgrp In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition. Package Name: coreutils Installed Version: 9.1-1 Fixed Version: References: lists.gnu.org access.redhat.com nvd.nist.gov www.cve.org
LOW	CVE-2025-5278: coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data. Package Name: coreutils Installed Version: 9.1-1 Fixed Version: References: www.openwall.com www.openwall.com www.openwall.com access.redhat.com bugzilla.redhat.com cgit.git.savannah.gnu.org cgit.git.savannah.gnu.org nvd.nist.gov security-tracker.debian.org www.cve.org
LOW	CVE-2024-2379: curl: QUIC certificate check bypass with wolfSSL libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems. Package Name: curl Installed Version: 7.88.1-10+deb12u14 Fixed Version: References: seclists.org seclists.org seclists.org www.openwall.com access.redhat.com curl.se curl.se hackerone.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org
LOW	CVE-2025-0725: libcurl: Buffer Overflow in libcurl via zlib Integer Overflow When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow. Package Name: curl Installed Version: 7.88.1-10+deb12u14 Fixed Version: References: www.openwall.com www.openwall.com www.openwall.com access.redhat.com curl.se curl.se github.com hackerone.com nvd.nist.gov security.netapp.com www.cve.org
LOW	CVE-2025-10966: curl: Curl missing SFTP host verification with wolfSSH backend curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more. Package Name: curl Installed Version: 7.88.1-10+deb12u14 Fixed Version: References: www.openwall.com access.redhat.com curl.se curl.se github.com hackerone.com nvd.nist.gov www.cve.org
LOW	CVE-2025-14017: curl: curl: Security bypass due to global TLS option changes in multi-threaded LDAPS transfers When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well. Package Name: curl Installed Version: 7.88.1-10+deb12u14 Fixed Version: References: www.openwall.com access.redhat.com curl.se curl.se nvd.nist.gov www.cve.org
LOW	CVE-2025-14524: When an OAuth2 bearer token is used for an HTTP(S) transfer, and that ... When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host. Package Name: curl Installed Version: 7.88.1-10+deb12u14 Fixed Version: References: www.openwall.com curl.se curl.se hackerone.com www.cve.org
LOW	CVE-2025-14819: When doing TLS related transfers with reused easy or multi handles and ... When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not. Package Name: curl Installed Version: 7.88.1-10+deb12u14 Fixed Version: References: www.openwall.com curl.se curl.se www.cve.org
LOW	CVE-2025-15079: When doing SSH-based transfers using either SCP or SFTP, and setting t ... When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global known_hosts file. Package Name: curl Installed Version: 7.88.1-10+deb12u14 Fixed Version: References: www.openwall.com curl.se curl.se hackerone.com www.cve.org
LOW	CVE-2025-15224: When doing SSH-based transfers using either SCP or SFTP, and asked to ... When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent. Package Name: curl Installed Version: 7.88.1-10+deb12u14 Fixed Version: References: www.openwall.com curl.se curl.se hackerone.com www.cve.org
LOW	CVE-2025-6297: It was discovered that dpkg-deb does not properly sanitize directory p ... It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions. Package Name: dpkg Installed Version: 1.21.22 Fixed Version: References: git.dpkg.org ubuntu.com www.cve.org
LOW	CVE-2022-27943: binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. Package Name: gcc-12-base Installed Version: 12.2.0-14+deb12u1 Fixed Version: References: access.redhat.com gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org lists.fedoraproject.org nvd.nist.gov sourceware.org www.cve.org
LOW	CVE-2022-3219: gnupg: denial of service issue (resource consumption) using compressed packets GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB. Package Name: gpgv Installed Version: 2.2.40-1.1+deb12u2 Fixed Version: References: access.redhat.com bugzilla.redhat.com dev.gnupg.org dev.gnupg.org marc.info nvd.nist.gov security.netapp.com www.cve.org
LOW	CVE-2018-5709: krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data. Package Name: krb5-locales Installed Version: 1.20.1-2+deb12u4 Fixed Version: References: access.redhat.com github.com lists.apache.org nvd.nist.gov www.cve.org
LOW	CVE-2024-26458: krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. Package Name: krb5-locales Installed Version: 1.20.1-2+deb12u4 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com linux.oracle.com linux.oracle.com mailman.mit.edu nvd.nist.gov security.netapp.com ubuntu.com www.cve.org
LOW	CVE-2024-26461: krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. Package Name: krb5-locales Installed Version: 1.20.1-2+deb12u4 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com linux.oracle.com linux.oracle.com mailman.mit.edu nvd.nist.gov security.netapp.com ubuntu.com www.cve.org
LOW	CVE-2011-3374: It was found that apt-key in apt, all versions, do not correctly valid ... It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack. Package Name: libapt-pkg6.0 Installed Version: 2.6.1 Fixed Version: References: access.redhat.com bugs.debian.org people.canonical.com seclists.org security-tracker.debian.org snyk.io ubuntu.com
LOW	CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. Package Name: libblkid1 Installed Version: 2.38.1-5+deb12u3 Fixed Version: References: access.redhat.com blog.trailofbits.com lore.kernel.org lore.kernel.org nvd.nist.gov security.gentoo.org security.netapp.com www.cve.org
LOW	CVE-2010-4756: glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632. Package Name: libc-bin Installed Version: 2.36-9+deb12u13 Fixed Version: References: cxib.net securityreason.com securityreason.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com nvd.nist.gov security.netapp.com www.cve.org
LOW	CVE-2018-20796: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227\|)(\\1\\1\|t1\|\\\2537)+' in grep. Package Name: libc-bin Installed Version: 2.36-9+deb12u13 Fixed Version: References: www.securityfocus.com access.redhat.com debbugs.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com support.f5.com www.cve.org
LOW	CVE-2019-1010022: glibc: stack guard protection bypass GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat. Package Name: libc-bin Installed Version: 2.36-9+deb12u13 Fixed Version: References: access.redhat.com nvd.nist.gov security-tracker.debian.org sourceware.org sourceware.org ubuntu.com www.cve.org
LOW	CVE-2019-1010023: glibc: running ldd on malicious ELF leads to code execution because of wrong size computation GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat. Package Name: libc-bin Installed Version: 2.36-9+deb12u13 Fixed Version: References: www.securityfocus.com access.redhat.com nvd.nist.gov security-tracker.debian.org sourceware.org support.f5.com ubuntu.com www.cve.org
LOW	CVE-2019-1010024: glibc: ASLR bypass using cache of thread stack and heap GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat. Package Name: libc-bin Installed Version: 2.36-9+deb12u13 Fixed Version: References: www.securityfocus.com access.redhat.com nvd.nist.gov security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com www.cve.org
LOW	CVE-2019-1010025: glibc: information disclosure of heap addresses of pthread_created thread GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability. Package Name: libc-bin Installed Version: 2.36-9+deb12u13 Fixed Version: References: access.redhat.com nvd.nist.gov security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com www.cve.org
LOW	CVE-2019-9192: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\|)(\\1\\1)' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern Package Name:* libc-bin Installed Version: 2.36-9+deb12u13 Fixed Version: References: access.redhat.com nvd.nist.gov sourceware.org support.f5.com www.cve.org
LOW	CVE-2010-4756: glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632. Package Name: libc6 Installed Version: 2.36-9+deb12u13 Fixed Version: References: cxib.net securityreason.com securityreason.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com nvd.nist.gov security.netapp.com www.cve.org
LOW	CVE-2018-20796: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227\|)(\\1\\1\|t1\|\\\2537)+' in grep. Package Name: libc6 Installed Version: 2.36-9+deb12u13 Fixed Version: References: www.securityfocus.com access.redhat.com debbugs.gnu.org lists.gnu.org nvd.nist.gov security.netapp.com support.f5.com www.cve.org
LOW	CVE-2019-1010022: glibc: stack guard protection bypass GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat. Package Name: libc6 Installed Version: 2.36-9+deb12u13 Fixed Version: References: access.redhat.com nvd.nist.gov security-tracker.debian.org sourceware.org sourceware.org ubuntu.com www.cve.org
LOW	CVE-2019-1010023: glibc: running ldd on malicious ELF leads to code execution because of wrong size computation GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat. Package Name: libc6 Installed Version: 2.36-9+deb12u13 Fixed Version: References: www.securityfocus.com access.redhat.com nvd.nist.gov security-tracker.debian.org sourceware.org support.f5.com ubuntu.com www.cve.org
LOW	CVE-2019-1010024: glibc: ASLR bypass using cache of thread stack and heap GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat. Package Name: libc6 Installed Version: 2.36-9+deb12u13 Fixed Version: References: www.securityfocus.com access.redhat.com nvd.nist.gov security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com www.cve.org
LOW	CVE-2019-1010025: glibc: information disclosure of heap addresses of pthread_created thread GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability. Package Name: libc6 Installed Version: 2.36-9+deb12u13 Fixed Version: References: access.redhat.com nvd.nist.gov security-tracker.debian.org sourceware.org support.f5.com support.f5.com ubuntu.com www.cve.org
LOW	CVE-2019-9192: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\|)(\\1\\1)' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern Package Name:* libc6 Installed Version: 2.36-9+deb12u13 Fixed Version: References: access.redhat.com nvd.nist.gov sourceware.org support.f5.com www.cve.org
LOW	CVE-2024-2379: curl: QUIC certificate check bypass with wolfSSL libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems. Package Name: libcurl4 Installed Version: 7.88.1-10+deb12u14 Fixed Version: References: seclists.org seclists.org seclists.org www.openwall.com access.redhat.com curl.se curl.se hackerone.com nvd.nist.gov security.netapp.com support.apple.com support.apple.com support.apple.com www.cve.org
LOW	CVE-2025-0725: libcurl: Buffer Overflow in libcurl via zlib Integer Overflow When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow. Package Name: libcurl4 Installed Version: 7.88.1-10+deb12u14 Fixed Version: References: www.openwall.com www.openwall.com www.openwall.com access.redhat.com curl.se curl.se github.com hackerone.com nvd.nist.gov security.netapp.com www.cve.org
LOW	CVE-2025-10966: curl: Curl missing SFTP host verification with wolfSSH backend curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more. Package Name: libcurl4 Installed Version: 7.88.1-10+deb12u14 Fixed Version: References: www.openwall.com access.redhat.com curl.se curl.se github.com hackerone.com nvd.nist.gov www.cve.org
LOW	CVE-2025-14017: curl: curl: Security bypass due to global TLS option changes in multi-threaded LDAPS transfers When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well. Package Name: libcurl4 Installed Version: 7.88.1-10+deb12u14 Fixed Version: References: www.openwall.com access.redhat.com curl.se curl.se nvd.nist.gov www.cve.org
LOW	CVE-2025-14524: When an OAuth2 bearer token is used for an HTTP(S) transfer, and that ... When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host. Package Name: libcurl4 Installed Version: 7.88.1-10+deb12u14 Fixed Version: References: www.openwall.com curl.se curl.se hackerone.com www.cve.org
LOW	CVE-2025-14819: When doing TLS related transfers with reused easy or multi handles and ... When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not. Package Name: libcurl4 Installed Version: 7.88.1-10+deb12u14 Fixed Version: References: www.openwall.com curl.se curl.se www.cve.org
LOW	CVE-2025-15079: When doing SSH-based transfers using either SCP or SFTP, and setting t ... When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global known_hosts file. Package Name: libcurl4 Installed Version: 7.88.1-10+deb12u14 Fixed Version: References: www.openwall.com curl.se curl.se hackerone.com www.cve.org
LOW	CVE-2025-15224: When doing SSH-based transfers using either SCP or SFTP, and asked to ... When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent. Package Name: libcurl4 Installed Version: 7.88.1-10+deb12u14 Fixed Version: References: www.openwall.com curl.se curl.se hackerone.com www.cve.org
LOW	CVE-2022-27943: binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. Package Name: libgcc-s1 Installed Version: 12.2.0-14+deb12u1 Fixed Version: References: access.redhat.com gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org lists.fedoraproject.org nvd.nist.gov sourceware.org www.cve.org
LOW	CVE-2018-6829: libgcrypt: ElGamal implementation doesn't have semantic security due to incorrectly encoded plaintexts possibly allowing to obtain sensitive information cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation. Package Name: libgcrypt20 Installed Version: 1.10.1-3 Fixed Version: References: access.redhat.com github.com github.com lists.gnupg.org nvd.nist.gov www.cve.org www.oracle.com
LOW	CVE-2024-2236: libgcrypt: vulnerable to Marvin Attack A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts. Package Name: libgcrypt20 Installed Version: 1.10.1-3 Fixed Version: References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org dev.gnupg.org errata.almalinux.org errata.rockylinux.org github.com gitlab.com linux.oracle.com linux.oracle.com lists.gnupg.org nvd.nist.gov www.cve.org
LOW	CVE-2011-3389: HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. Package Name: libgnutls30 Installed Version: 3.7.9-2+deb12u6 Fixed Version: References: arcticdog.wordpress.com blog.mozilla.com blogs.technet.com blogs.technet.com curl.haxx.se downloads.asterisk.org ekoparty.org eprint.iacr.org eprint.iacr.org googlechromereleases.blogspot.com isc.sans.edu lists.apple.com lists.apple.com lists.apple.com lists.apple.com lists.apple.com lists.apple.com lists.apple.com lists.opensuse.org lists.opensuse.org lists.opensuse.org lists.opensuse.org marc.info marc.info marc.info marc.info marc.info marc.info my.opera.com osvdb.org rhn.redhat.com rhn.redhat.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com secunia.com security.gentoo.org security.gentoo.org support.apple.com support.apple.com support.apple.com support.apple.com support.apple.com support.apple.com technet.microsoft.com vnhacker.blogspot.com www.apcmedia.com www.debian.org www.educatedguesswork.org www.ibm.com www.imperialviolet.org www.insecure.cl www.kb.cert.org www.mandriva.com www.opera.com www.opera.com www.opera.com www.opera.com www.opera.com www.opera.com www.opera.com www.oracle.com www.oracle.com www.oracle.com www.redhat.com www.redhat.com www.securityfocus.com www.securityfocus.com www.securitytracker.com www.securitytracker.com www.securitytracker.com www.securitytracker.com www.ubuntu.com www.us-cert.gov access.redhat.com blogs.oracle.com bugzilla.novell.com bugzilla.redhat.com cert-portal.siemens.com docs.microsoft.com h20564.www2.hp.com hermes.opensuse.org hermes.opensuse.org ics-cert.us-cert.gov linux.oracle.com linux.oracle.com nvd.nist.gov oval.cisecurity.org ubuntu.com www.cve.org
LOW	CVE-2018-5709: krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data. Package Name: libgssapi-krb5-2 Installed Version: 1.20.1-2+deb12u4 Fixed Version: References: access.redhat.com github.com lists.apache.org nvd.nist.gov www.cve.org
LOW	CVE-2024-26458: krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. Package Name: libgssapi-krb5-2 Installed Version: 1.20.1-2+deb12u4 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com linux.oracle.com linux.oracle.com mailman.mit.edu nvd.nist.gov security.netapp.com ubuntu.com www.cve.org
LOW	CVE-2024-26461: krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. Package Name: libgssapi-krb5-2 Installed Version: 1.20.1-2+deb12u4 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com linux.oracle.com linux.oracle.com mailman.mit.edu nvd.nist.gov security.netapp.com ubuntu.com www.cve.org
LOW	CVE-2018-5709: krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data. Package Name: libk5crypto3 Installed Version: 1.20.1-2+deb12u4 Fixed Version: References: access.redhat.com github.com lists.apache.org nvd.nist.gov www.cve.org
LOW	CVE-2024-26458: krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. Package Name: libk5crypto3 Installed Version: 1.20.1-2+deb12u4 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com linux.oracle.com linux.oracle.com mailman.mit.edu nvd.nist.gov security.netapp.com ubuntu.com www.cve.org
LOW	CVE-2024-26461: krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. Package Name: libk5crypto3 Installed Version: 1.20.1-2+deb12u4 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com linux.oracle.com linux.oracle.com mailman.mit.edu nvd.nist.gov security.netapp.com ubuntu.com www.cve.org
LOW	CVE-2018-5709: krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data. Package Name: libkrb5-3 Installed Version: 1.20.1-2+deb12u4 Fixed Version: References: access.redhat.com github.com lists.apache.org nvd.nist.gov www.cve.org
LOW	CVE-2024-26458: krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. Package Name: libkrb5-3 Installed Version: 1.20.1-2+deb12u4 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com linux.oracle.com linux.oracle.com mailman.mit.edu nvd.nist.gov security.netapp.com ubuntu.com www.cve.org
LOW	CVE-2024-26461: krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. Package Name: libkrb5-3 Installed Version: 1.20.1-2+deb12u4 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com linux.oracle.com linux.oracle.com mailman.mit.edu nvd.nist.gov security.netapp.com ubuntu.com www.cve.org
LOW	CVE-2018-5709: krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data. Package Name: libkrb5support0 Installed Version: 1.20.1-2+deb12u4 Fixed Version: References: access.redhat.com github.com lists.apache.org nvd.nist.gov www.cve.org
LOW	CVE-2024-26458: krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. Package Name: libkrb5support0 Installed Version: 1.20.1-2+deb12u4 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com linux.oracle.com linux.oracle.com mailman.mit.edu nvd.nist.gov security.netapp.com ubuntu.com www.cve.org
LOW	CVE-2024-26461: krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. Package Name: libkrb5support0 Installed Version: 1.20.1-2+deb12u4 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com linux.oracle.com linux.oracle.com mailman.mit.edu nvd.nist.gov security.netapp.com ubuntu.com www.cve.org
LOW	CVE-2015-3276: openldap: incorrect multi-keyword mode cipherstring parsing The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors. Package Name: libldap-2.5-0 Installed Version: 2.5.13+dfsg-5 Fixed Version: References: rhn.redhat.com www.oracle.com www.securitytracker.com access.redhat.com bugzilla.redhat.com linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org
LOW	CVE-2017-14159: openldap: Privilege escalation via PID file manipulation slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript. Package Name: libldap-2.5-0 Installed Version: 2.5.13+dfsg-5 Fixed Version: References: www.openldap.org access.redhat.com nvd.nist.gov www.cve.org www.oracle.com
LOW	CVE-2017-17740: openldap: contrib/slapd-modules/nops/nops.c attempts to free stack buffer allowing remote attackers to cause a denial of service contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. Package Name: libldap-2.5-0 Installed Version: 2.5.13+dfsg-5 Fixed Version: References: lists.opensuse.org lists.opensuse.org www.openldap.org access.redhat.com kc.mcafee.com nvd.nist.gov www.cve.org www.oracle.com
LOW	CVE-2020-15719: openldap: Certificate validation incorrectly matches name against CN-ID libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux. Package Name: libldap-2.5-0 Installed Version: 2.5.13+dfsg-5 Fixed Version: References: lists.opensuse.org lists.opensuse.org access.redhat.com access.redhat.com bugs.openldap.org bugzilla.redhat.com kc.mcafee.com nvd.nist.gov www.cve.org www.oracle.com
LOW	CVE-2026-22185: OpenLDAP: OpenLDAP LMDB: Denial of Service and Information Disclosure via Heap Buffer Underflow OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition. Package Name: libldap-2.5-0 Installed Version: 2.5.13+dfsg-5 Fixed Version: References: access.redhat.com bugs.openldap.org nvd.nist.gov seclists.org seclists.org www.cve.org www.openldap.org www.vulncheck.com
LOW	CVE-2015-3276: openldap: incorrect multi-keyword mode cipherstring parsing The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors. Package Name: libldap-common Installed Version: 2.5.13+dfsg-5 Fixed Version: References: rhn.redhat.com www.oracle.com www.securitytracker.com access.redhat.com bugzilla.redhat.com linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org
LOW	CVE-2017-14159: openldap: Privilege escalation via PID file manipulation slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript. Package Name: libldap-common Installed Version: 2.5.13+dfsg-5 Fixed Version: References: www.openldap.org access.redhat.com nvd.nist.gov www.cve.org www.oracle.com
LOW	CVE-2017-17740: openldap: contrib/slapd-modules/nops/nops.c attempts to free stack buffer allowing remote attackers to cause a denial of service contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. Package Name: libldap-common Installed Version: 2.5.13+dfsg-5 Fixed Version: References: lists.opensuse.org lists.opensuse.org www.openldap.org access.redhat.com kc.mcafee.com nvd.nist.gov www.cve.org www.oracle.com
LOW	CVE-2020-15719: openldap: Certificate validation incorrectly matches name against CN-ID libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux. Package Name: libldap-common Installed Version: 2.5.13+dfsg-5 Fixed Version: References: lists.opensuse.org lists.opensuse.org access.redhat.com access.redhat.com bugs.openldap.org bugzilla.redhat.com kc.mcafee.com nvd.nist.gov www.cve.org www.oracle.com
LOW	CVE-2026-22185: OpenLDAP: OpenLDAP LMDB: Denial of Service and Information Disclosure via Heap Buffer Underflow OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline() function of mdb_load. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause an out-of-bounds read of one byte before the allocated heap buffer. This can cause mdb_load to crash, leading to a limited denial-of-service condition. Package Name: libldap-common Installed Version: 2.5.13+dfsg-5 Fixed Version: References: access.redhat.com bugs.openldap.org nvd.nist.gov seclists.org seclists.org www.cve.org www.openldap.org www.vulncheck.com
LOW	CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. Package Name: libmount1 Installed Version: 2.38.1-5+deb12u3 Fixed Version: References: access.redhat.com blog.trailofbits.com lore.kernel.org lore.kernel.org nvd.nist.gov security.gentoo.org security.netapp.com www.cve.org
LOW	CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. Package Name: libsmartcols1 Installed Version: 2.38.1-5+deb12u3 Fixed Version: References: access.redhat.com blog.trailofbits.com lore.kernel.org lore.kernel.org nvd.nist.gov security.gentoo.org security.netapp.com www.cve.org
LOW	CVE-2025-27587: OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable ... OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system. Package Name: libssl3 Installed Version: 3.0.18-1~deb12u2 Fixed Version: References: github.com minerva.crocs.fi.muni.cz
LOW	CVE-2022-27943: binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. Package Name: libstdc++6 Installed Version: 12.2.0-14+deb12u1 Fixed Version: References: access.redhat.com gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org gcc.gnu.org lists.fedoraproject.org nvd.nist.gov sourceware.org www.cve.org
LOW	CVE-2013-4392: systemd: TOCTOU race condition when updating file permissions and SELinux security contexts systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files. Package Name: libsystemd0 Installed Version: 252.39-1~deb12u1 Fixed Version: References: bugs.debian.org www.openwall.com access.redhat.com bugzilla.redhat.com nvd.nist.gov www.cve.org
LOW	CVE-2023-31437: An issue was discovered in systemd 253. An attacker can modify a seale ... An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." Package Name: libsystemd0 Installed Version: 252.39-1~deb12u1 Fixed Version: References: github.com github.com github.com
LOW	CVE-2023-31438: An issue was discovered in systemd 253. An attacker can truncate a sea ... An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." Package Name: libsystemd0 Installed Version: 252.39-1~deb12u1 Fixed Version: References: github.com github.com github.com github.com
LOW	CVE-2023-31439: An issue was discovered in systemd 253. An attacker can modify the con ... An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." Package Name: libsystemd0 Installed Version: 252.39-1~deb12u1 Fixed Version: References: github.com github.com github.com github.com
LOW	CVE-2025-6141: gnu-ncurses: ncurses Stack Buffer Overflow A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component. Package Name: libtinfo6 Installed Version: 6.4-4 Fixed Version: References: access.redhat.com invisible-island.net lists.gnu.org lists.gnu.org lists.gnu.org nvd.nist.gov vuldb.com vuldb.com vuldb.com www.cve.org www.gnu.org
LOW	CVE-2013-4392: systemd: TOCTOU race condition when updating file permissions and SELinux security contexts systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files. Package Name: libudev1 Installed Version: 252.39-1~deb12u1 Fixed Version: References: bugs.debian.org www.openwall.com access.redhat.com bugzilla.redhat.com nvd.nist.gov www.cve.org
LOW	CVE-2023-31437: An issue was discovered in systemd 253. An attacker can modify a seale ... An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." Package Name: libudev1 Installed Version: 252.39-1~deb12u1 Fixed Version: References: github.com github.com github.com
LOW	CVE-2023-31438: An issue was discovered in systemd 253. An attacker can truncate a sea ... An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." Package Name: libudev1 Installed Version: 252.39-1~deb12u1 Fixed Version: References: github.com github.com github.com github.com
LOW	CVE-2023-31439: An issue was discovered in systemd 253. An attacker can modify the con ... An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability." Package Name: libudev1 Installed Version: 252.39-1~deb12u1 Fixed Version: References: github.com github.com github.com github.com
LOW	CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. Package Name: libuuid1 Installed Version: 2.38.1-5+deb12u3 Fixed Version: References: access.redhat.com blog.trailofbits.com lore.kernel.org lore.kernel.org nvd.nist.gov security.gentoo.org security.netapp.com www.cve.org
LOW	CVE-2007-5686: initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ... initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers. Package Name: login Installed Version: 1:4.13+dfsg1-1+deb12u2 Fixed Version: References: secunia.com www.securityfocus.com www.securityfocus.com www.securityfocus.com www.vupen.com issues.rpath.com
LOW	CVE-2024-56433: shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid. Package Name: login Installed Version: 1:4.13+dfsg1-1+deb12u2 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org
LOW	TEMP-0628843-DBAD28: [more related to CVE-2005-4890] Package Name: login Installed Version: 1:4.13+dfsg1-1+deb12u2 Fixed Version: References:
LOW	CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. Package Name: mount Installed Version: 2.38.1-5+deb12u3 Fixed Version: References: access.redhat.com blog.trailofbits.com lore.kernel.org lore.kernel.org nvd.nist.gov security.gentoo.org security.netapp.com www.cve.org
LOW	CVE-2025-6141: gnu-ncurses: ncurses Stack Buffer Overflow A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component. Package Name: ncurses-base Installed Version: 6.4-4 Fixed Version: References: access.redhat.com invisible-island.net lists.gnu.org lists.gnu.org lists.gnu.org nvd.nist.gov vuldb.com vuldb.com vuldb.com www.cve.org www.gnu.org
LOW	CVE-2025-6141: gnu-ncurses: ncurses Stack Buffer Overflow A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component. Package Name: ncurses-bin Installed Version: 6.4-4 Fixed Version: References: access.redhat.com invisible-island.net lists.gnu.org lists.gnu.org lists.gnu.org nvd.nist.gov vuldb.com vuldb.com vuldb.com www.cve.org www.gnu.org
LOW	CVE-2025-27587: OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable ... OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system. Package Name: openssl Installed Version: 3.0.18-1~deb12u2 Fixed Version: References: github.com minerva.crocs.fi.muni.cz
LOW	CVE-2007-5686: initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ... initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers. Package Name: passwd Installed Version: 1:4.13+dfsg1-1+deb12u2 Fixed Version: References: secunia.com www.securityfocus.com www.securityfocus.com www.securityfocus.com www.vupen.com issues.rpath.com
LOW	CVE-2024-56433: shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid. Package Name: passwd Installed Version: 1:4.13+dfsg1-1+deb12u2 Fixed Version: References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org
LOW	TEMP-0628843-DBAD28: [more related to CVE-2005-4890] Package Name: passwd Installed Version: 1:4.13+dfsg1-1+deb12u2 Fixed Version: References:
LOW	CVE-2011-4116: perl: File:: Temp insecure temporary file handling _is_safe in the File::Temp module for Perl does not properly handle symlinks. Package Name: perl-base Installed Version: 5.36.0-7+deb12u3 Fixed Version: References: www.openwall.com www.openwall.com access.redhat.com github.com nvd.nist.gov rt.cpan.org seclists.org www.cve.org
LOW	CVE-2023-31486: http-tiny: insecure TLS cert default HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. Package Name: perl-base Installed Version: 5.36.0-7+deb12u3 Fixed Version: References: www.openwall.com www.openwall.com www.openwall.com www.openwall.com access.redhat.com access.redhat.com blog.hackeriet.no bugzilla.redhat.com errata.almalinux.org github.com hackeriet.github.io linux.oracle.com linux.oracle.com nvd.nist.gov security.netapp.com www.cve.org www.openwall.com www.openwall.com www.reddit.com
LOW	TEMP-0517018-A83CE6: [sysvinit: no-root option in expert installer exposes locally exploitable security flaw] Package Name: sysvinit-utils Installed Version: 3.06-4 Fixed Version: References:
LOW	CVE-2005-2541: tar: does not properly warn the user when extracting setuid or setgid files Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges. Package Name: tar Installed Version: 1.34+dfsg-1.2+deb12u1 Fixed Version: References: marc.info access.redhat.com lists.apache.org nvd.nist.gov www.cve.org
LOW	TEMP-0290435-0B57B5: [tar's rmt command may have undesired side effects] Package Name: tar Installed Version: 1.34+dfsg-1.2+deb12u1 Fixed Version: References:
LOW	CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. Package Name: util-linux Installed Version: 2.38.1-5+deb12u3 Fixed Version: References: access.redhat.com blog.trailofbits.com lore.kernel.org lore.kernel.org nvd.nist.gov security.gentoo.org security.netapp.com www.cve.org
LOW	CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. Package Name: util-linux-extra Installed Version: 2.38.1-5+deb12u3 Fixed Version: References: access.redhat.com blog.trailofbits.com lore.kernel.org lore.kernel.org nvd.nist.gov security.gentoo.org security.netapp.com www.cve.org

Package statistics are no longer available on cloudsmith.io. Please visit our new web app to access this feature.

You can embed a badge in another website that shows this or the latest version of this package.

To embed the badge for this specific package version, use the following:

[![This version of 'kurrentdb' @ Cloudsmith](https://api.cloudsmith.com/v1/badges/version/eventstore/kurrent-latest/docker/kurrentdb/25.1.4-x64-8.0-bookworm-slim/a=amd64;xpo=linux/?render=true)](https://cloudsmith.io/~eventstore/repos/kurrent-latest/packages/detail/docker/kurrentdb/fba37b5d1e26574b8f83018753a004998419886b3b0bbda9be542b3ffd3fd77c/a=amd64;xpo=linux/)

|This version of 'kurrentdb' @ Cloudsmith|
.. |This version of 'kurrentdb' @ Cloudsmith| image:: https://api.cloudsmith.com/v1/badges/version/eventstore/kurrent-latest/docker/kurrentdb/25.1.4-x64-8.0-bookworm-slim/a=amd64;xpo=linux/?render=true
   :target: https://cloudsmith.io/~eventstore/repos/kurrent-latest/packages/detail/docker/kurrentdb/fba37b5d1e26574b8f83018753a004998419886b3b0bbda9be542b3ffd3fd77c/a=amd64;xpo=linux/

image::https://api.cloudsmith.com/v1/badges/version/eventstore/kurrent-latest/docker/kurrentdb/25.1.4-x64-8.0-bookworm-slim/a=amd64;xpo=linux/?render=true[link="https://cloudsmith.io/~eventstore/repos/kurrent-latest/packages/detail/docker/kurrentdb/fba37b5d1e26574b8f83018753a004998419886b3b0bbda9be542b3ffd3fd77c/a=amd64;xpo=linux/",title="This version of 'kurrentdb' @ Cloudsmith"]

<a href="https://cloudsmith.io/~eventstore/repos/kurrent-latest/packages/detail/docker/kurrentdb/fba37b5d1e26574b8f83018753a004998419886b3b0bbda9be542b3ffd3fd77c/a=amd64;xpo=linux/"><img src="https://api.cloudsmith.com/v1/badges/version/eventstore/kurrent-latest/docker/kurrentdb/25.1.4-x64-8.0-bookworm-slim/a=amd64;xpo=linux/?render=true" alt="This version of 'kurrentdb' @ Cloudsmith" /></a>

rendered as:

To embed the badge for the latest package version, use the following:

[![Latest version of 'kurrentdb' @ Cloudsmith](https://api.cloudsmith.com/v1/badges/version/eventstore/kurrent-latest/docker/kurrentdb/latest/a=amd64;xpo=linux/?render=true&show_latest=true)](https://cloudsmith.io/~eventstore/repos/kurrent-latest/packages/detail/docker/kurrentdb/latest/a=amd64;xpo=linux/)

|Latest version of 'kurrentdb' @ Cloudsmith|
.. |Latest version of 'kurrentdb' @ Cloudsmith| image:: https://api.cloudsmith.com/v1/badges/version/eventstore/kurrent-latest/docker/kurrentdb/latest/a=amd64;xpo=linux/?render=true&show_latest=true
   :target: https://cloudsmith.io/~eventstore/repos/kurrent-latest/packages/detail/docker/kurrentdb/latest/a=amd64;xpo=linux/

image::https://api.cloudsmith.com/v1/badges/version/eventstore/kurrent-latest/docker/kurrentdb/latest/a=amd64;xpo=linux/?render=true&show_latest=true[link="https://cloudsmith.io/~eventstore/repos/kurrent-latest/packages/detail/docker/kurrentdb/latest/a=amd64;xpo=linux/",title="Latest version of 'kurrentdb' @ Cloudsmith"]

<a href="https://cloudsmith.io/~eventstore/repos/kurrent-latest/packages/detail/docker/kurrentdb/latest/a=amd64;xpo=linux/"><img src="https://api.cloudsmith.com/v1/badges/version/eventstore/kurrent-latest/docker/kurrentdb/latest/a=amd64;xpo=linux/?render=true&show_latest=true" alt="Latest version of 'kurrentdb' @ Cloudsmith" /></a>

rendered as:

These instructions assume you have setup the repository first (or read it).

To pull kurrentdb @ reference/tag b000e3ca-fae4-450b-be2b-8a5f36bc5665:

docker pull docker.eventstore.com/kurrent-latest/kurrentdb:b000e3ca-fae4-450b-be2b-8a5f36bc5665

You can also pull the latest version of this image (if it exists):

docker pull docker.eventstore.com/kurrent-latest/kurrentdb:latest

To refer to this image after pulling in a Dockerfile, specify the following:

FROM docker.eventstore.com/kurrent-latest/kurrentdb:b000e3ca-fae4-450b-be2b-8a5f36bc5665

Note: You should replace b000e3ca-fae4-450b-be2b-8a5f36bc5665 with an alternative reference to pull, such as: 25.1.4-x64-8.0-bookworm-slim.

Still stuck? Need help? Don't panic. Just contact us for help (even if you're not a customer).

Previous Version: 25.1.3

Next Version: 25.1.4

	Digest: sha256:81c0abc7bb04b148bea08d2bc91b7dc33b7b2305c607ca979c302baa3e4a4fc5 Command: # debian.sh --arch 'amd64' out/ 'bookworm' '@1769990400'	27.8 MB
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: ENV APP_UID=1654 ASPNETCORE_HTTP_PORTS=8080 DOTNET_RUNNING_IN_CONTAINER=true	32 bytes
	Digest: sha256:dc989867784ead8b4cca8ae65779cea285c9082efb12bba858be89c6e6da57bc Command: RUN /bin/sh -c apt-get update && apt-get install -y --no-install-recommends ca-certificates libc6 libgcc-s1 libicu72 libssl3 libstdc++6 tzdata zlib1g && rm -rf /var/lib/apt/lists/* # buildkit	17.9 MB
	Digest: sha256:b69341e364d1ba68dc7f7daf595397e6f2deb9ba4a0eebb4954dd1fa0471a5bf Command: RUN /bin/sh -c groupadd --gid=$APP_UID app && useradd --no-log-init --uid=$APP_UID --gid=$APP_UID --create-home app # buildkit	3.2 KB
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: ARG DATABASE_ARCHIVE_DIR=kurrentdb-25.1.4-linux-x64.tar.gz	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: ARG UID=1000	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: ARG GID=1000	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: ENV LANGUAGE=en_US:en DEBIAN_FRONTEND=noninteractive ACCEPT_EULA=Y	32 bytes
	Digest: sha256:2d11d0edb18fee3e20f5d642ed39fe38fc23a9991cb2397afd220adc2264399e Command: RUN \|3 DATABASE_ARCHIVE_DIR=kurrentdb-25.1.4-linux-x64.tar.gz UID=1000 GID=1000 /bin/sh -c apt-get update && apt-get upgrade -y && apt-get clean # buildkit	15.6 MB
	Digest: sha256:826b401dbc67b86787005167e44ba6110ef9452cc0793ff5f11c17b699d86dcb Command: COPY kurrentdb-25.1.4-linux-x64.tar.gz /opt/kurrentdb/ # buildkit	137.2 MB
	Digest: sha256:3b6b2ce2aba97bc58518d66398d485f22269ab4b65ce9b48acde2e6a82887a7c Command: RUN \|3 DATABASE_ARCHIVE_DIR=kurrentdb-25.1.4-linux-x64.tar.gz UID=1000 GID=1000 /bin/sh -c apt update && apt install -y curl && rm -rf /var/lib/apt/lists/* # buildkit	2.4 MB
	Digest: sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1 Command: WORKDIR /opt/kurrentdb	32 bytes
	Digest: sha256:0ebd150022309e93bf5ab402ac7f2921de601ab00596ecc0593b173dc5ca87af Command: RUN \|3 DATABASE_ARCHIVE_DIR=kurrentdb-25.1.4-linux-x64.tar.gz UID=1000 GID=1000 /bin/sh -c addgroup --gid ${GID} "kurrent" && adduser --disabled-password --gecos "" --ingroup "kurrent" --no-create-home --uid ${UID} "kurrent" # buildkit	1.2 KB
	Digest: sha256:3f80368eaf8bae9e1f8e6717b69749ed11d5be935494d384d3038f1a728440b8 Command: RUN \|3 DATABASE_ARCHIVE_DIR=kurrentdb-25.1.4-linux-x64.tar.gz UID=1000 GID=1000 /bin/sh -c mkdir -p /var/lib/kurrentdb && mkdir -p /var/log/kurrentdb && mkdir -p /etc/kurrentdb && chown -R kurrent:kurrent /opt/kurrentdb /var/lib/kurrentdb /var/log/kurrentdb /etc/kurrentdb # buildkit	137.2 MB
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: USER kurrent	32 bytes
	Digest: sha256:3a2571cc94cab835aee88d2986b2624ef6a685b591bdab4faea1acd29e086e86 Command: RUN \|3 DATABASE_ARCHIVE_DIR=kurrentdb-25.1.4-linux-x64.tar.gz UID=1000 GID=1000 /bin/sh -c echo "NodeIp: 0.0.0.0\nReplicationIp: 0.0.0.0" >> /etc/kurrentdb/kurrentdb.conf # buildkit	190 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: VOLUME [/var/lib/kurrentdb]	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: VOLUME [/var/log/kurrentdb]	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: EXPOSE map[1112/tcp:{}]	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: EXPOSE map[1113/tcp:{}]	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: EXPOSE map[2113/tcp:{}]	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: HEALTHCHECK &{["CMD-SHELL" "curl --fail --insecure https://localhost:2113/health/live \|\| curl --fail http://localhost:2113/health/live \|\| exit 1"] "5s" "5s" "0s" "0s" '\x18'}	32 bytes
	Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4 Command: ENTRYPOINT ["/opt/kurrentdb/kurrentd"]	32 bytes

kurrentdb 25.1.4-x64-8.0-bookworm-slim

One-liner (summary)

Description

License

Size

Downloads

Tags

Last scanned

Scan result

Vulnerability count

Max. severity

CVE-2023-45853: zlib: integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6

CVE-2026-0861: glibc: Integer overflow in memalign leads to heap corruption

CVE-2026-0861: glibc: Integer overflow in memalign leads to heap corruption

CVE-2023-2953: openldap: null pointer dereference in ber_memalloc_x function

CVE-2023-2953: openldap: null pointer dereference in ber_memalloc_x function

CVE-2025-14104: util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames

CVE-2025-10148: curl: predictable WebSocket mask

CVE-2025-30258: gnupg: verification DoS due to a malicious subkey in the keyring

CVE-2025-68972: gnupg: GnuPG: Signature bypass via form feed character in signed messages

CVE-2025-14104: util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames

CVE-2025-15281: glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory

CVE-2026-0915: glibc: glibc: Information disclosure via zero-valued network query

CVE-2025-15281: glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory

CVE-2026-0915: glibc: glibc: Information disclosure via zero-valued network query

CVE-2025-10148: curl: predictable WebSocket mask

CVE-2025-14104: util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames

CVE-2024-10041: pam: libpam: Libpam vulnerable to read hashed password

CVE-2024-10041: pam: libpam: Libpam vulnerable to read hashed password

CVE-2024-10041: pam: libpam: Libpam vulnerable to read hashed password

CVE-2024-10041: pam: libpam: Libpam vulnerable to read hashed password

CVE-2025-14104: util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames

CVE-2025-13151: libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string

CVE-2023-50495: ncurses: segmentation fault via _nc_wrap_entry()

CVE-2025-14104: util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames

CVE-2025-14104: util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames

CVE-2023-50495: ncurses: segmentation fault via _nc_wrap_entry()

CVE-2023-50495: ncurses: segmentation fault via _nc_wrap_entry()

CVE-2025-14104: util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames

CVE-2025-14104: util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames

CVE-2026-27171: zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions

CVE-2011-3374: It was found that apt-key in apt, all versions, do not correctly valid ...

TEMP-0841856-B18BAF: [Privilege escalation possible to other user than root]

CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline

CVE-2016-2781: coreutils: Non-privileged session can escape to the parent session in chroot

CVE-2017-18018: coreutils: race condition vulnerability in chown and chgrp

CVE-2025-5278: coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification

CVE-2024-2379: curl: QUIC certificate check bypass with wolfSSL

CVE-2025-0725: libcurl: Buffer Overflow in libcurl via zlib Integer Overflow

CVE-2025-10966: curl: Curl missing SFTP host verification with wolfSSH backend

CVE-2025-14017: curl: curl: Security bypass due to global TLS option changes in multi-threaded LDAPS transfers

CVE-2025-14524: When an OAuth2 bearer token is used for an HTTP(S) transfer, and that ...

CVE-2025-14819: When doing TLS related transfers with reused easy or multi handles and ...

CVE-2025-15079: When doing SSH-based transfers using either SCP or SFTP, and setting t ...

CVE-2025-15224: When doing SSH-based transfers using either SCP or SFTP, and asked to ...

CVE-2025-6297: It was discovered that dpkg-deb does not properly sanitize directory p ...

CVE-2022-27943: binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const

CVE-2022-3219: gnupg: denial of service issue (resource consumption) using compressed packets

CVE-2018-5709: krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c

CVE-2024-26458: krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c

CVE-2024-26461: krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c

CVE-2011-3374: It was found that apt-key in apt, all versions, do not correctly valid ...

CVE-2022-0563: util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline

CVE-2010-4756: glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions

CVE-2018-20796: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c

CVE-2019-1010022: glibc: stack guard protection bypass

CVE-2019-1010023: glibc: running ldd on malicious ELF leads to code execution because of wrong size computation

CVE-2019-1010024: glibc: ASLR bypass using cache of thread stack and heap

CVE-2019-1010025: glibc: information disclosure of heap addresses of pthread_created thread

CVE-2019-9192: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c

CVE-2010-4756: glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions

CVE-2018-20796: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c

CVE-2019-1010022: glibc: stack guard protection bypass

CVE-2019-1010023: glibc: running ldd on malicious ELF leads to code execution because of wrong size computation

CVE-2019-1010024: glibc: ASLR bypass using cache of thread stack and heap

CVE-2019-1010025: glibc: information disclosure of heap addresses of pthread_created thread

CVE-2019-9192: glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c

CVE-2024-2379: curl: QUIC certificate check bypass with wolfSSL

CVE-2025-0725: libcurl: Buffer Overflow in libcurl via zlib Integer Overflow

CVE-2025-10966: curl: Curl missing SFTP host verification with wolfSSH backend