Public repository: eventstore (Kurrent) / kurrent-lts
A certifiably-awesome public package repository curated by Kurrent, hosted by Cloudsmith.

kurrentdb 26.0.0 (Docker)

One-liner (summary)

A certifiably-awesome package curated by Timothy Coleman, hosted by Cloudsmith.

Description

A certifiably-awesome package curated by Timothy Coleman, hosted by Cloudsmith.

License

Unknown

Size

236.9 MB

Downloads

44

Status  Completed
Checksum (MD5) 37d96343fd5335ba8b0873b77cabf6e1
Checksum (SHA-1) f2f0b0f0dc438d5768a99a24b7bffb0e737d5f97
Checksum (SHA-256) 2b96b6c5e1b891f99aa241e78e7a01367e98910eec222adacc2e9b146efa4d15
Checksum (SHA-512) 611df906574e185db3bdc26d5fc06bb2db9f21186f7b54cac1d08c19328163e983…
GPG Signature
GPG Fingerprint 5d4d90c6ce485df1b33cf37fc39876bc6ae970d8
Storage Region  Dublin, Ireland
Type  Binary (contains binaries and binary artifacts)
Uploaded At 5 months ago
Uploaded By timothy-coleman
Slug Id kurrentdb-cve7
Unique Id 5Ceot7EGFWZ6
Version (Raw) 26.0.0
Version (Parsed)
  • Major: 26
  • Minor: 0
  • Patch: 0
  • Type: SemVer (Strict)
Orig Version (Raw) 2b96b6c5e1b891f99aa241e78e7a01367e98910eec222adacc2e9b146efa4d15
Orig Version (Parsed)
  • Type: Unknown
  docker-specific metadata
Image Digest sha256:2b96b6c5e1b891f99aa241e78e7a01367e98910eec222adacc2e9b146efa4d15
Config Digest sha256:b9dc9da276835c89d878e89e7cae55712d39afb950dfd8db5eba06a986f92b40
V1 OCI Index Digest sha256:e7ecae435689d36ec33ead65021956d4dc820418742574cdcbfdf009b0bc7fee
V1 Distribution (Signed) Digest sha256:5fb6914b6430b865f6a870663dd0ba5561a76482566e1afbbcd8f9e68feaf91e
V1 OCI Digest sha256:e54ba30143c04e92f2155b41040f5a9dc3eb49fe9eae654d18c5d495f5947985
V2 Distribution List Digest sha256:6bcc05f9c170a521bb482cef4a094ba4c8b5bda20fac6b0bad873430ebea7978
V1 Distribution Digest sha256:f24f88941865167c495d13dc41ba47b5a69f5a2ad93b72d42f9b1ab8aba34e15
V2 Distribution Digest sha256:2b96b6c5e1b891f99aa241e78e7a01367e98910eec222adacc2e9b146efa4d15
  extended metadata
Manifest Type V2 Distribution
Architecture amd64
Config
Created 2026-01-16 14:48:14 UTC
Os linux

This package was uploaded with the following V2 Distribution manifest:

{
   "schemaVersion": 2,
   "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
   "config": {
      "mediaType": "application/vnd.docker.container.image.v1+json",
      "size": 7141,
      "digest": "sha256:de5e3270f9e6219cad63a1606c0869d444f7774c384eb750f9d0d8e333bb4c27"
   },
   "layers": [
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 30595557,
         "digest": "sha256:e93fce65fb9fdbf95d95433f0a49637000c985ffab1470a3bd7dc626ac7f1c06"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 16817684,
         "digest": "sha256:47849234c411df2a1873e94cc6ed07c0ffaf404e13fa7b6fb5a12516344f4e25"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 3532,
         "digest": "sha256:95c4e06fe86479fc5bfb1de59fa34399f623b5cffbe00c989735e9285f5e7ab8"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 39992363,
         "digest": "sha256:317f2343e01d910d5d830f7a8ea95a4f88b6401cdc6df5f79225a98ccb2b5d62"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 2750816,
         "digest": "sha256:01304862c141d35b4b7d38b2b4f2ad38facbcb7da18024ffc55b81f3b78f2005"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 1323,
         "digest": "sha256:af4c2fedf1ced7ebeb5c83be16a874c30db5c34f6e642863e13941baf6d65d29"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 158289202,
         "digest": "sha256:86901ce7d59cf532121b392349f38f2de0c88d28172eabd07780d90fef3af66f"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 32,
         "digest": "sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 192,
         "digest": "sha256:a8ab390039c0ba1ed75d4a68b10b3bb37ed989dc56af329f1ce83cd7b5f9bc9f"
      },
      {
         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 190,
         "digest": "sha256:04985c5f4c2b95a396fc21831c27e28e5f5fefa556c38bad4c631972af060e78"
      }
   ]
}
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) ARG RELEASE
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) ARG LAUNCHPAD_BUILD_ARCH
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL org.opencontainers.image.ref.name=ubuntu
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) LABEL org.opencontainers.image.version=24.04
32 bytes
Digest: sha256:e93fce65fb9fdbf95d95433f0a49637000c985ffab1470a3bd7dc626ac7f1c06
Command: /bin/sh -c #(nop) ADD file:3077ee44db3cc7d38740d60a05c81418dd3825a007db473658464f52689e867b in /
29.2 MB
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: /bin/sh -c #(nop) CMD ["/bin/bash"]
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: ENV APP_UID=1654 ASPNETCORE_HTTP_PORTS=8080 DOTNET_RUNNING_IN_CONTAINER=true
32 bytes
Digest: sha256:47849234c411df2a1873e94cc6ed07c0ffaf404e13fa7b6fb5a12516344f4e25
Command: RUN /bin/sh -c apt-get update && apt-get install -y --no-install-recommends ca-certificates libc6 libgcc-s1 libicu74 libssl3t64 libstdc++6 tzdata tzdata-legacy && rm -rf /var/lib/apt/lists/* # buildkit
16.0 MB
Digest: sha256:95c4e06fe86479fc5bfb1de59fa34399f623b5cffbe00c989735e9285f5e7ab8
Command: RUN /bin/sh -c groupadd --gid=$APP_UID app && useradd --no-log-init --uid=$APP_UID --gid=$APP_UID --create-home app # buildkit
3.4 KB
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: ARG DATABASE_ARCHIVE_DIR=kurrentdb-26.0.0-linux-x64.tar.gz
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: ARG UID=1001
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: ARG GID=1001
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: ENV LANGUAGE=en_US:en DEBIAN_FRONTEND=noninteractive ACCEPT_EULA=Y
32 bytes
Digest: sha256:317f2343e01d910d5d830f7a8ea95a4f88b6401cdc6df5f79225a98ccb2b5d62
Command: RUN |3 DATABASE_ARCHIVE_DIR=kurrentdb-26.0.0-linux-x64.tar.gz UID=1001 GID=1001 /bin/sh -c apt-get update && apt-get upgrade -y && apt-get clean # buildkit
38.1 MB
Digest: sha256:01304862c141d35b4b7d38b2b4f2ad38facbcb7da18024ffc55b81f3b78f2005
Command: RUN |3 DATABASE_ARCHIVE_DIR=kurrentdb-26.0.0-linux-x64.tar.gz UID=1001 GID=1001 /bin/sh -c apt update && apt install -y adduser curl && rm -rf /var/lib/apt/lists/* # buildkit
2.6 MB
Digest: sha256:af4c2fedf1ced7ebeb5c83be16a874c30db5c34f6e642863e13941baf6d65d29
Command: RUN |3 DATABASE_ARCHIVE_DIR=kurrentdb-26.0.0-linux-x64.tar.gz UID=1001 GID=1001 /bin/sh -c addgroup --gid ${GID} "kurrent" && adduser --disabled-password --gecos "" --ingroup "kurrent" --no-create-home --uid ${UID} "kurrent" # buildkit
1.3 KB
Digest: sha256:86901ce7d59cf532121b392349f38f2de0c88d28172eabd07780d90fef3af66f
Command: COPY --chown=kurrent:kurrent kurrentdb-26.0.0-linux-x64.tar.gz /opt/kurrentdb/ # buildkit
151.0 MB
Digest: sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1
Command: WORKDIR /opt/kurrentdb
32 bytes
Digest: sha256:a8ab390039c0ba1ed75d4a68b10b3bb37ed989dc56af329f1ce83cd7b5f9bc9f
Command: RUN |3 DATABASE_ARCHIVE_DIR=kurrentdb-26.0.0-linux-x64.tar.gz UID=1001 GID=1001 /bin/sh -c mkdir -p /var/lib/kurrentdb && mkdir -p /var/log/kurrentdb && mkdir -p /etc/kurrentdb && chown -R kurrent:kurrent /var/lib/kurrentdb /var/log/kurrentdb /etc/kurrentdb # buildkit
192 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: USER kurrent
32 bytes
Digest: sha256:04985c5f4c2b95a396fc21831c27e28e5f5fefa556c38bad4c631972af060e78
Command: RUN |3 DATABASE_ARCHIVE_DIR=kurrentdb-26.0.0-linux-x64.tar.gz UID=1001 GID=1001 /bin/sh -c echo "NodeIp: 0.0.0.0\nReplicationIp: 0.0.0.0" >> /etc/kurrentdb/kurrentdb.conf # buildkit
190 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: VOLUME [/var/lib/kurrentdb]
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: VOLUME [/var/log/kurrentdb]
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: EXPOSE map[1112/tcp:{}]
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: EXPOSE map[1113/tcp:{}]
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: EXPOSE map[2113/tcp:{}]
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: HEALTHCHECK &{["CMD-SHELL" "curl --fail --insecure https://localhost:2113/health/live || curl --fail http://localhost:2113/health/live || exit 1"] "5s" "5s" "0s" "0s" '\x18'}
32 bytes
Digest: sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4
Command: ENTRYPOINT ["/opt/kurrentdb/kurrentd"]
32 bytes

Last scanned

5 months ago

Scan result

Vulnerable

Vulnerability count

15

Max. severity

Medium
Target: ybFDFLfIvK80.sbom-cyclonedx.json (ubuntu 24.04)
MEDIUM

CVE-2025-68972: gnupg: GnuPG: Signature bypass via form feed character in signed messages

In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an "invalid armor" message is printed during verification). This is related to use of \f as a marker to denote truncation of a long plaintext line.

Package Name: gpgv
Installed Version: 2.4.4-2ubuntu17.4
Fixed Version:

References: access.redhat.com gpg.fail media.ccc.de news.ycombinator.com nvd.nist.gov www.cve.org
MEDIUM

CVE-2025-8941: linux-pam: Incomplete fix for CVE-2025-6020

A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.

Package Name: libpam-modules
Installed Version: 1.5.3-5ubuntu5.5
Fixed Version:

References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org
MEDIUM

CVE-2025-8941: linux-pam: Incomplete fix for CVE-2025-6020

A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.

Package Name: libpam-modules-bin
Installed Version: 1.5.3-5ubuntu5.5
Fixed Version:

References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org
MEDIUM

CVE-2025-8941: linux-pam: Incomplete fix for CVE-2025-6020

A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.

Package Name: libpam-runtime
Installed Version: 1.5.3-5ubuntu5.5
Fixed Version:

References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org
MEDIUM

CVE-2025-8941: linux-pam: Incomplete fix for CVE-2025-6020

A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.

Package Name: libpam0g
Installed Version: 1.5.3-5ubuntu5.5
Fixed Version:

References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org
MEDIUM

CVE-2025-45582: tar: Tar path traversal

GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file's name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of "Member name contains '..'" that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain "x -> ../../../../../home/victim/.ssh" and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which "tar xf" is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages). NOTE: the official GNU Tar manual has an otherwise-empty directory for each "tar xf" in its Security Rules of Thumb; however, third-party advice leads users to run "tar xf" more than once into the same directory.

Package Name: tar
Installed Version: 1.35+dfsg-3build1
Fixed Version:

References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com linux.oracle.com linux.oracle.com lists.gnu.org nvd.nist.gov www.cve.org www.gnu.org www.gnu.org www.gnu.org www.gnu.org
LOW

CVE-2016-2781: coreutils: Non-privileged session can escape to the parent session in chroot

chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

Package Name: coreutils
Installed Version: 9.4-3ubuntu6.1
Fixed Version:

References: seclists.org www.openwall.com www.openwall.com access.redhat.com lists.apache.org lore.kernel.org mirrors.edge.kernel.org nvd.nist.gov www.cve.org
LOW

CVE-2025-0167: When asked to use a `.netrc` file for credentials **and** to follow HT ...

When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default` entry that omits both login and password. A rare circumstance.

Package Name: curl
Installed Version: 8.5.0-2ubuntu10.6
Fixed Version:

References: curl.se curl.se hackerone.com nvd.nist.gov security.netapp.com www.cve.org
LOW

CVE-2025-10148: curl: predictable WebSocket mask

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.

Package Name: curl
Installed Version: 8.5.0-2ubuntu10.6
Fixed Version:

References: www.openwall.com www.openwall.com www.openwall.com access.redhat.com curl.se curl.se hackerone.com nvd.nist.gov www.cve.org
LOW

CVE-2025-14524: When an OAuth2 bearer token is used for an HTTP(S) transfer, and that ...

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.

Package Name: curl
Installed Version: 8.5.0-2ubuntu10.6
Fixed Version:

References: www.openwall.com curl.se curl.se hackerone.com www.cve.org
LOW

CVE-2025-14819: When doing TLS related transfers with reused easy or multi handles and ...

When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.

Package Name: curl
Installed Version: 8.5.0-2ubuntu10.6
Fixed Version:

References: www.openwall.com curl.se curl.se www.cve.org
LOW

CVE-2025-15079: When doing SSH-based transfers using either SCP or SFTP, and setting t ...

When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.

Package Name: curl
Installed Version: 8.5.0-2ubuntu10.6
Fixed Version:

References: www.openwall.com curl.se curl.se hackerone.com www.cve.org
LOW

CVE-2025-15224: When doing SSH-based transfers using either SCP or SFTP, and asked to ...

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.

Package Name: curl
Installed Version: 8.5.0-2ubuntu10.6
Fixed Version:

References: www.openwall.com curl.se curl.se hackerone.com www.cve.org
LOW

CVE-2025-9086: curl: libcurl: Curl out of bounds read for cookie path

1. A cookie is set using the `secure` keyword for `https://target`
2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set
3. The same cookie name is set - but with just a slash as path (`path="/",`). Since this site is not secure, the cookie *should* just be ignored.
4. A bug in the path comparison logic makes curl read outside a heap buffer boundary

The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.

Package Name: curl
Installed Version: 8.5.0-2ubuntu10.6
Fixed Version:

References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com curl.se curl.se cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com hackerone.com linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov www.cve.org
LOW

CVE-2022-3219: gnupg: denial of service issue (resource consumption) using compressed packets

GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.

Package Name: gpgv
Installed Version: 2.4.4-2ubuntu17.4
Fixed Version:

References: access.redhat.com bugzilla.redhat.com dev.gnupg.org dev.gnupg.org marc.info nvd.nist.gov security.netapp.com www.cve.org
LOW

CVE-2025-0167: When asked to use a `.netrc` file for credentials **and** to follow HT ...

When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default` entry that omits both login and password. A rare circumstance.

Package Name: libcurl4t64
Installed Version: 8.5.0-2ubuntu10.6
Fixed Version:

References: curl.se curl.se hackerone.com nvd.nist.gov security.netapp.com www.cve.org
LOW

CVE-2025-10148: curl: predictable WebSocket mask

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.

Package Name: libcurl4t64
Installed Version: 8.5.0-2ubuntu10.6
Fixed Version:

References: www.openwall.com www.openwall.com www.openwall.com access.redhat.com curl.se curl.se hackerone.com nvd.nist.gov www.cve.org
LOW

CVE-2025-14524: When an OAuth2 bearer token is used for an HTTP(S) transfer, and that ...

When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.

Package Name: libcurl4t64
Installed Version: 8.5.0-2ubuntu10.6
Fixed Version:

References: www.openwall.com curl.se curl.se hackerone.com www.cve.org
LOW

CVE-2025-14819: When doing TLS related transfers with reused easy or multi handles and ...

When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.

Package Name: libcurl4t64
Installed Version: 8.5.0-2ubuntu10.6
Fixed Version:

References: www.openwall.com curl.se curl.se www.cve.org
LOW

CVE-2025-15079: When doing SSH-based transfers using either SCP or SFTP, and setting t ...

When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.

Package Name: libcurl4t64
Installed Version: 8.5.0-2ubuntu10.6
Fixed Version:

References: www.openwall.com curl.se curl.se hackerone.com www.cve.org
LOW

CVE-2025-15224: When doing SSH-based transfers using either SCP or SFTP, and asked to ...

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.

Package Name: libcurl4t64
Installed Version: 8.5.0-2ubuntu10.6
Fixed Version:

References: www.openwall.com curl.se curl.se hackerone.com www.cve.org
LOW

CVE-2025-9086: curl: libcurl: Curl out of bounds read for cookie path

1. A cookie is set using the `secure` keyword for `https://target`
2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear text HTTP) using the same cookie set
3. The same cookie name is set - but with just a slash as path (`path="/",`). Since this site is not secure, the cookie *should* just be ignored.
4. A bug in the path comparison logic makes curl read outside a heap buffer boundary

The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.

Package Name: libcurl4t64
Installed Version: 8.5.0-2ubuntu10.6
Fixed Version:

References: www.openwall.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com curl.se curl.se cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com hackerone.com linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov www.cve.org
LOW

CVE-2024-2236: libgcrypt: vulnerable to Marvin Attack

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

Package Name: libgcrypt20
Installed Version: 1.10.3-2build1
Fixed Version:

References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org dev.gnupg.org errata.almalinux.org errata.rockylinux.org github.com gitlab.com linux.oracle.com linux.oracle.com lists.gnupg.org nvd.nist.gov www.cve.org
LOW

CVE-2025-5222: icu: Stack buffer overflow in the SRBRoot::addTag function

A stack buffer overflow was found in International Components for Unicode (ICU). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.

Package Name: libicu74
Installed Version: 74.2-1ubuntu3.1
Fixed Version:

References: access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov www.cve.org
LOW

CVE-2024-56433: shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise

shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.

Package Name: login
Installed Version: 1:4.13+dfsg1-4ubuntu3.2
Fixed Version:

References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org
LOW

CVE-2024-56433: shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise

shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.

Package Name: passwd
Installed Version: 1:4.13+dfsg1-4ubuntu3.2
Fixed Version:

References: access.redhat.com access.redhat.com bugzilla.redhat.com bugzilla.redhat.com cve.mitre.org errata.almalinux.org errata.rockylinux.org github.com github.com github.com linux.oracle.com linux.oracle.com nvd.nist.gov www.cve.org

You can embed a badge in another website that shows this or the latest version of this package.

To embed the badge for this specific package version, use the following:

Markdown:
[![This version of 'kurrentdb' @ Cloudsmith](https://api.cloudsmith.com/v1/badges/version/eventstore/kurrent-lts/docker/kurrentdb/26.0.0/a=amd64;xpo=linux/?render=true)](https://cloudsmith.io/~eventstore/repos/kurrent-lts/packages/detail/docker/kurrentdb/2b96b6c5e1b891f99aa241e78e7a01367e98910eec222adacc2e9b146efa4d15/a=amd64;xpo=linux/)

reStructuredText:
|This version of 'kurrentdb' @ Cloudsmith|
.. |This version of 'kurrentdb' @ Cloudsmith| image:: https://api.cloudsmith.com/v1/badges/version/eventstore/kurrent-lts/docker/kurrentdb/26.0.0/a=amd64;xpo=linux/?render=true
   :target: https://cloudsmith.io/~eventstore/repos/kurrent-lts/packages/detail/docker/kurrentdb/2b96b6c5e1b891f99aa241e78e7a01367e98910eec222adacc2e9b146efa4d15/a=amd64;xpo=linux/

AsciiDoc:
image::https://api.cloudsmith.com/v1/badges/version/eventstore/kurrent-lts/docker/kurrentdb/26.0.0/a=amd64;xpo=linux/?render=true[link="https://cloudsmith.io/~eventstore/repos/kurrent-lts/packages/detail/docker/kurrentdb/2b96b6c5e1b891f99aa241e78e7a01367e98910eec222adacc2e9b146efa4d15/a=amd64;xpo=linux/",title="This version of 'kurrentdb' @ Cloudsmith"]

HTML:
<a href="https://cloudsmith.io/~eventstore/repos/kurrent-lts/packages/detail/docker/kurrentdb/2b96b6c5e1b891f99aa241e78e7a01367e98910eec222adacc2e9b146efa4d15/a=amd64;xpo=linux/"><img src="https://api.cloudsmith.com/v1/badges/version/eventstore/kurrent-lts/docker/kurrentdb/26.0.0/a=amd64;xpo=linux/?render=true" alt="This version of 'kurrentdb' @ Cloudsmith" /></a>

rendered as: This version of 'kurrentdb' @ Cloudsmith

To embed the badge for the latest package version, use the following:

Markdown:
[![Latest version of 'kurrentdb' @ Cloudsmith](https://api.cloudsmith.com/v1/badges/version/eventstore/kurrent-lts/docker/kurrentdb/latest/a=amd64;xpo=linux/?render=true&show_latest=true)](https://cloudsmith.io/~eventstore/repos/kurrent-lts/packages/detail/docker/kurrentdb/latest/a=amd64;xpo=linux/)

reStructuredText:
|Latest version of 'kurrentdb' @ Cloudsmith|
.. |Latest version of 'kurrentdb' @ Cloudsmith| image:: https://api.cloudsmith.com/v1/badges/version/eventstore/kurrent-lts/docker/kurrentdb/latest/a=amd64;xpo=linux/?render=true&show_latest=true
   :target: https://cloudsmith.io/~eventstore/repos/kurrent-lts/packages/detail/docker/kurrentdb/latest/a=amd64;xpo=linux/

AsciiDoc:
image::https://api.cloudsmith.com/v1/badges/version/eventstore/kurrent-lts/docker/kurrentdb/latest/a=amd64;xpo=linux/?render=true&show_latest=true[link="https://cloudsmith.io/~eventstore/repos/kurrent-lts/packages/detail/docker/kurrentdb/latest/a=amd64;xpo=linux/",title="Latest version of 'kurrentdb' @ Cloudsmith"]

HTML:
<a href="https://cloudsmith.io/~eventstore/repos/kurrent-lts/packages/detail/docker/kurrentdb/latest/a=amd64;xpo=linux/"><img src="https://api.cloudsmith.com/v1/badges/version/eventstore/kurrent-lts/docker/kurrentdb/latest/a=amd64;xpo=linux/?render=true&show_latest=true" alt="Latest version of 'kurrentdb' @ Cloudsmith" /></a>

rendered as: Latest version of 'kurrentdb' @ Cloudsmith

These instructions assume you have set up the repository first (or read the setup instructions).

To pull kurrentdb @ reference/tag 26.0.0:

docker pull docker.eventstore.com/kurrent-lts/kurrentdb:26.0.0

You can also pull the latest version of this image (if it exists):

docker pull docker.eventstore.com/kurrent-lts/kurrentdb:latest

To refer to this image after pulling in a Dockerfile, specify the following:

FROM docker.eventstore.com/kurrent-lts/kurrentdb:26.0.0

Note: To pull an alternative reference, replace 26.0.0 with it, such as 048218d3-0542-472c-ba78-83a1c8d5a4e9 or 26.0.0-x64-10.0-noble.
