contentgrid/solon 810af5802e7d3b63c416c40e8e9…
Status | Completed |
---|---|
GPG Signature | |
Storage Region | Frankfurt, Germany |
Type | Binary (contains binaries and binary artifacts) |
Uploaded At | 1 year, 9 months ago |
Uploaded By | |
Slug Id | contentgridsolon-Yyp |
Unique Id | xLN2gVCXQZvL |
Version (Raw) | 810af5802e7d3b63c416c40e8e9706a73238e959c63ac41efa4b7d6846fbfd05 |
Version (Parsed) | |
docker-specific metadata | |
Image Digest | sha256:810af5802e7d3b63c416c40e8e9706a73238e959c63ac41efa4b7d6846fbfd05 |
Config Digest | sha256:623e964b266ae2f9e0bd738abb8fa747345f25ae324f26b6eccf86ce20748de9 |
V1 OCI Index Digest | sha256:e1ebf781447f73c9d7afd1e95c992c1a4045fa9492cc931d3f91822cf6ffa8c5 |
V1 Distribution (Signed) Digest | sha256:5f37750ca064dc42d9ffa55b1a72f1cc1fe02fb3b0c6b292f587e9e7f8af410f |
V1 OCI Digest | sha256:ae934455d7a458c8df9e87a8a432fe231b6100581f00cc5aac78f1c89c0e2f84 |
V2 Distribution List Digest | sha256:857e75bc03569b9458f2864972545e56ae4f053d4a245fee85191010d078455e |
V1 Distribution Digest | sha256:5255e1c4bf3a5ef9ebdd5c3882decdebd09493d06b82ff4ebac7364e5ab2a3d1 |
V2 Distribution Digest | sha256:810af5802e7d3b63c416c40e8e9706a73238e959c63ac41efa4b7d6846fbfd05 |
extended metadata | |
Manifest Type | V2 Distribution |
Architecture | amd64 |
Config | |
Created | 1980-01-01 00:00:01 UTC |
Os | linux |
This package was uploaded with the following V2 Distribution manifest:
{
"schemaVersion": 2,
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"config": {
"mediaType": "application/vnd.docker.container.image.v1+json",
"size": 29838,
"digest": "sha256:d16f8dda2ba6b1e40622295f2e21fd976e954fd81b38323f3a3f80d24bba790d"
},
"layers": [
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 26712500,
"digest": "sha256:a404e54162968593b8d92b571f3cdd673e4c9eab5d9be28d7c494595c0aa6682"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 237,
"digest": "sha256:795b192205652c9c8cffa3e03a5fb238cf14f807747dbea3eb43dcde5ad3ad90"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 268,
"digest": "sha256:0ce12e95ee49025f7dfd46f3554de69d16d3cf053a91bc77cffe0388c93af500"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 8451302,
"digest": "sha256:4b8c913f2038d9f6c10cbe2330c040e15fa4e0680dd3b8bc08723bbe9210277b"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 458,
"digest": "sha256:fec36b8c9d3ae4269a15760ba733e6787bed2db131c028f3271b099a123d1d64"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 766,
"digest": "sha256:c4db82fa0ee1c733a25e9c310a795898b8ae568237799fca5bf08bc11c963a2a"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 403,
"digest": "sha256:bee0d0e29bb4d047cd719b7272240dd60c2caedd405073ebc363db22b2b4db6a"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 1420893,
"digest": "sha256:f04e4d7882511415610eed1ebd114738996aff12ec655f4dfae7a3dc7336ece7"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 1562059,
"digest": "sha256:11efeb34359412182839f6c35c47d6fb3ccbce0d0fec0d0426a6aa426fe4c4b5"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 376,
"digest": "sha256:5c96df4fa74419241e670f997779d09d61ea9e9a79d6450bf6369070d8025b10"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 53527555,
"digest": "sha256:d6ddef23198189790286a6a4998783c47bdb2af2b3c73f284dd03cbedb8ce74e"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 273,
"digest": "sha256:9ad49796e8f672ade2af8037e0414d838adef5393d21a72ebb3af34a88a08c31"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 733723,
"digest": "sha256:793d20539ea1fc9a2baf8eef494a2534f2ba528cc3a94f3b174f72ad2db65f83"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 53897,
"digest": "sha256:02897775ee3531663c8b2fe10b1319cc0aa216e4ae97584c837ae470eb907aa0"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 260,
"digest": "sha256:956200cea8a0fdb4a2b3b7e0582034c46f2e205019c0d7b1625863e1ce5f3af4"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 60260,
"digest": "sha256:b6aad3a24eb2071dea8f540e72e92f30e83ba70d91b9f5af08efaec427ab294c"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 41141230,
"digest": "sha256:58f9183dc80d37e267ebb30a5b2148a1304e3c2b0f107bce2b9144e19cb6553a"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 86407,
"digest": "sha256:d536624bf987b6f0c73fd6f68927dcd96d766764410d1cbb93e8e010483b9d9b"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 32,
"digest": "sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 16456,
"digest": "sha256:13e071391fb139d1f1ba9ccb5bc461d38afe6d14803582fd4a167a509fd302a6"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 32,
"digest": "sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 995058,
"digest": "sha256:6e1739b9b3fbb9fdb79c94e539c87d1c764fd8ea848babde1365d70921770ce0"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 569,
"digest": "sha256:8be351508c38b08ef5354e8db5b6a71d6485f6da01930e08fc65713876f64f6d"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 198,
"digest": "sha256:3a4cb709502c02c84a45e39cabd30b603b73e8e6428ab1b92d49d401da8e71be"
}
]
}
Last scanned | 1 year, 9 months ago |
Scan result | Vulnerable |
Vulnerability count | 50 |
Max. severity | High |
Target: | . (ubuntu 18.04) | |
MEDIUM |
CVE-2022-3715: bash: a heap-buffer-overflow in valid_parameter_transform
A flaw was found in the bash package, where a heap-buffer overflow can occur in valid_parameter_transform. This issue may lead to memory problems.
Package Name: bash Installed Version: 4.4.18-2ubuntu1.3 Fixed Version:
References: access.redhat.com cve.mitre.org |
|
MEDIUM |
CVE-2020-13844: kernel: ARM straight-line speculation vulnerability
Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation."
Package Name: gcc-8-base Installed Version: 8.4.0-1ubuntu1~18.04 Fixed Version:
References: lists.llvm.org lists.opensuse.org lists.opensuse.org access.redhat.com cve.mitre.org developer.arm.com developer.arm.com developer.arm.com gcc.gnu.org git.kernel.org |
|
MEDIUM |
CVE-2020-13844: kernel: ARM straight-line speculation vulnerability
Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation."
Package Name: libgcc1 Installed Version: 8.4.0-1ubuntu1~18.04 Fixed Version:
References: lists.llvm.org lists.opensuse.org lists.opensuse.org access.redhat.com cve.mitre.org developer.arm.com developer.arm.com developer.arm.com gcc.gnu.org git.kernel.org |
|
MEDIUM |
CVE-2020-13844: kernel: ARM straight-line speculation vulnerability
Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation."
Package Name: libstdc++6 Installed Version: 8.4.0-1ubuntu1~18.04 Fixed Version:
References: lists.llvm.org lists.opensuse.org lists.opensuse.org access.redhat.com cve.mitre.org developer.arm.com developer.arm.com developer.arm.com gcc.gnu.org git.kernel.org |
|
MEDIUM |
CVE-2022-3821: systemd: buffer overrun in format_timespan() function.
An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.
Package Name: libsystemd0 Installed Version: 237-3ubuntu10.56 Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com github.com github.com lists.fedoraproject.org nvd.nist.gov |
|
MEDIUM |
CVE-2022-3821: systemd: buffer overrun in format_timespan() function.
An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.
Package Name: libudev1 Installed Version: 237-3ubuntu10.56 Fixed Version:
References: access.redhat.com bugzilla.redhat.com cve.mitre.org github.com github.com github.com lists.fedoraproject.org nvd.nist.gov |
|
MEDIUM |
CVE-2022-42800
This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A user may be able to cause unexpected app termination or arbitrary code execution.
Package Name: zlib1g Installed Version: 1:1.2.11.dfsg-0ubuntu2.2 Fixed Version:
References: cve.mitre.org support.apple.com support.apple.com support.apple.com support.apple.com support.apple.com support.apple.com |
|
LOW |
CVE-2016-2781: coreutils: Non-privileged session can escape to the parent session in chroot
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
Package Name: coreutils Installed Version: 8.28-1ubuntu1 Fixed Version:
References: seclists.org www.openwall.com www.openwall.com access.redhat.com cve.mitre.org lists.apache.org lore.kernel.org nvd.nist.gov |
|
LOW |
CVE-2022-3219: gnupg: denial of service issue (resource consumption) using compressed packets
No description is available for this CVE.
Package Name: gpgv Installed Version: 2.2.4-1ubuntu1.6 Fixed Version:
References: access.redhat.com cve.mitre.org marc.info |
|
LOW |
CVE-2009-5155: glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result
In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.
Package Name: libc-bin Installed Version: 2.27-3ubuntu1.6 Fixed Version:
References: git.savannah.gnu.org access.redhat.com cve.mitre.org debbugs.gnu.org debbugs.gnu.org debbugs.gnu.org lists.apache.org lists.apache.org security.netapp.com sourceware.org sourceware.org sourceware.org support.f5.com support.f5.com ubuntu.com |
|
LOW |
CVE-2015-8985: glibc: potential denial of service in pop_fail_stack()
The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.
Package Name: libc-bin Installed Version: 2.27-3ubuntu1.6 Fixed Version:
References: www.openwall.com www.securityfocus.com access.redhat.com bugs.debian.org cve.mitre.org security.gentoo.org sourceware.org |
|
LOW |
CVE-2016-20013
sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.
Package Name: libc-bin Installed Version: 2.27-3ubuntu1.6 Fixed Version:
References: akkadia.org cve.mitre.org pthree.org twitter.com |
|
LOW |
CVE-2009-5155: glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result
In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.
Package Name: libc6 Installed Version: 2.27-3ubuntu1.6 Fixed Version:
References: git.savannah.gnu.org access.redhat.com cve.mitre.org debbugs.gnu.org debbugs.gnu.org debbugs.gnu.org lists.apache.org lists.apache.org security.netapp.com sourceware.org sourceware.org sourceware.org support.f5.com support.f5.com ubuntu.com |
|
LOW |
CVE-2015-8985: glibc: potential denial of service in pop_fail_stack()
The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.
Package Name: libc6 Installed Version: 2.27-3ubuntu1.6 Fixed Version:
References: www.openwall.com www.securityfocus.com access.redhat.com bugs.debian.org cve.mitre.org security.gentoo.org sourceware.org |
|
LOW |
CVE-2016-20013
sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.
Package Name: libc6 Installed Version: 2.27-3ubuntu1.6 Fixed Version:
References: akkadia.org cve.mitre.org pthree.org twitter.com |
|
LOW |
CVE-2018-16868: gnutls: Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.
Package Name: libgnutls30 Installed Version: 3.5.18-1ubuntu1.6 Fixed Version:
References: cat.eyalro.net lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com bugzilla.redhat.com cve.mitre.org |
|
LOW |
CVE-2019-17594: ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
Package Name: libncurses5 Installed Version: 6.1-1ubuntu1.18.04 Fixed Version:
References: lists.opensuse.org lists.opensuse.org access.redhat.com access.redhat.com access.redhat.com cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.gnu.org lists.gnu.org security.gentoo.org ubuntu.com |
|
LOW |
CVE-2019-17595: ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
Package Name: libncurses5 Installed Version: 6.1-1ubuntu1.18.04 Fixed Version:
References: lists.opensuse.org lists.opensuse.org access.redhat.com access.redhat.com access.redhat.com cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.gnu.org lists.gnu.org security.gentoo.org ubuntu.com |
|
LOW |
CVE-2021-39537: ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
Package Name: libncurses5 Installed Version: 6.1-1ubuntu1.18.04 Fixed Version:
References: cvsweb.netbsd.org seclists.org seclists.org seclists.org seclists.org access.redhat.com cve.mitre.org lists.gnu.org lists.gnu.org nvd.nist.gov support.apple.com support.apple.com support.apple.com ubuntu.com |
|
LOW |
CVE-2022-29458: ncurses: segfaulting OOB read
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
Package Name: libncurses5 Installed Version: 6.1-1ubuntu1.18.04 Fixed Version:
References: seclists.org access.redhat.com cve.mitre.org invisible-island.net lists.debian.org lists.gnu.org lists.gnu.org nvd.nist.gov support.apple.com ubuntu.com |
|
LOW |
CVE-2019-17594: ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
Package Name: libncursesw5 Installed Version: 6.1-1ubuntu1.18.04 Fixed Version:
References: lists.opensuse.org lists.opensuse.org access.redhat.com access.redhat.com access.redhat.com cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.gnu.org lists.gnu.org security.gentoo.org ubuntu.com |
|
LOW |
CVE-2019-17595: ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
Package Name: libncursesw5 Installed Version: 6.1-1ubuntu1.18.04 Fixed Version:
References: lists.opensuse.org lists.opensuse.org access.redhat.com access.redhat.com access.redhat.com cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.gnu.org lists.gnu.org security.gentoo.org ubuntu.com |
|
LOW |
CVE-2021-39537: ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
Package Name: libncursesw5 Installed Version: 6.1-1ubuntu1.18.04 Fixed Version:
References: cvsweb.netbsd.org seclists.org seclists.org seclists.org seclists.org access.redhat.com cve.mitre.org lists.gnu.org lists.gnu.org nvd.nist.gov support.apple.com support.apple.com support.apple.com ubuntu.com |
|
LOW |
CVE-2022-29458: ncurses: segfaulting OOB read
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
Package Name: libncursesw5 Installed Version: 6.1-1ubuntu1.18.04 Fixed Version:
References: seclists.org access.redhat.com cve.mitre.org invisible-island.net lists.debian.org lists.gnu.org lists.gnu.org nvd.nist.gov support.apple.com ubuntu.com |
|
LOW |
CVE-2017-11164: pcre: OP_KETRMAX feature in the match function in pcre_exec.c
In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.
Package Name: libpcre3 Installed Version: 2:8.39-9ubuntu0.1 Fixed Version:
References: openwall.com www.securityfocus.com access.redhat.com cve.mitre.org lists.apache.org |
|
LOW |
CVE-2019-17594: ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
Package Name: libtinfo5 Installed Version: 6.1-1ubuntu1.18.04 Fixed Version:
References: lists.opensuse.org lists.opensuse.org access.redhat.com access.redhat.com access.redhat.com cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.gnu.org lists.gnu.org security.gentoo.org ubuntu.com |
|
LOW |
CVE-2019-17595: ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
Package Name: libtinfo5 Installed Version: 6.1-1ubuntu1.18.04 Fixed Version:
References: lists.opensuse.org lists.opensuse.org access.redhat.com access.redhat.com access.redhat.com cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.gnu.org lists.gnu.org security.gentoo.org ubuntu.com |
|
LOW |
CVE-2021-39537: ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
Package Name: libtinfo5 Installed Version: 6.1-1ubuntu1.18.04 Fixed Version:
References: cvsweb.netbsd.org seclists.org seclists.org seclists.org seclists.org access.redhat.com cve.mitre.org lists.gnu.org lists.gnu.org nvd.nist.gov support.apple.com support.apple.com support.apple.com ubuntu.com |
|
LOW |
CVE-2022-29458: ncurses: segfaulting OOB read
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
Package Name: libtinfo5 Installed Version: 6.1-1ubuntu1.18.04 Fixed Version:
References: seclists.org access.redhat.com cve.mitre.org invisible-island.net lists.debian.org lists.gnu.org lists.gnu.org nvd.nist.gov support.apple.com ubuntu.com |
|
LOW |
CVE-2009-5155: glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result
In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.
Package Name: locales Installed Version: 2.27-3ubuntu1.6 Fixed Version:
References: git.savannah.gnu.org access.redhat.com cve.mitre.org debbugs.gnu.org debbugs.gnu.org debbugs.gnu.org lists.apache.org lists.apache.org security.netapp.com sourceware.org sourceware.org sourceware.org support.f5.com support.f5.com ubuntu.com |
|
LOW |
CVE-2015-8985: glibc: potential denial of service in pop_fail_stack()
The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.
Package Name: locales Installed Version: 2.27-3ubuntu1.6 Fixed Version:
References: www.openwall.com www.securityfocus.com access.redhat.com bugs.debian.org cve.mitre.org security.gentoo.org sourceware.org |
|
LOW |
CVE-2016-20013
sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.
Package Name: locales Installed Version: 2.27-3ubuntu1.6 Fixed Version:
References: akkadia.org cve.mitre.org pthree.org twitter.com |
|
LOW |
CVE-2013-4235: shadow-utils: TOCTOU race conditions by copying and removing directory trees
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
Package Name: login Installed Version: 1:4.5-1ubuntu2.3 Fixed Version:
References: access.redhat.com access.redhat.com bugzilla.redhat.com cve.mitre.org github.com github.com lists.apache.org security-tracker.debian.org security.gentoo.org |
|
LOW |
CVE-2019-17594: ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
Package Name: ncurses-base Installed Version: 6.1-1ubuntu1.18.04 Fixed Version:
References: lists.opensuse.org lists.opensuse.org access.redhat.com access.redhat.com access.redhat.com cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.gnu.org lists.gnu.org security.gentoo.org ubuntu.com |
|
LOW |
CVE-2019-17595: ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
Package Name: ncurses-base Installed Version: 6.1-1ubuntu1.18.04 Fixed Version:
References: lists.opensuse.org lists.opensuse.org access.redhat.com access.redhat.com access.redhat.com cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.gnu.org lists.gnu.org security.gentoo.org ubuntu.com |
|
LOW |
CVE-2021-39537: ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
Package Name: ncurses-base Installed Version: 6.1-1ubuntu1.18.04 Fixed Version:
References: cvsweb.netbsd.org seclists.org seclists.org seclists.org seclists.org access.redhat.com cve.mitre.org lists.gnu.org lists.gnu.org nvd.nist.gov support.apple.com support.apple.com support.apple.com ubuntu.com |
|
LOW |
CVE-2022-29458: ncurses: segfaulting OOB read
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
Package Name: ncurses-base Installed Version: 6.1-1ubuntu1.18.04 Fixed Version:
References: seclists.org access.redhat.com cve.mitre.org invisible-island.net lists.debian.org lists.gnu.org lists.gnu.org nvd.nist.gov support.apple.com ubuntu.com |
|
LOW |
CVE-2019-17594: ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
Package Name: ncurses-bin Installed Version: 6.1-1ubuntu1.18.04 Fixed Version:
References: lists.opensuse.org lists.opensuse.org access.redhat.com access.redhat.com access.redhat.com cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.gnu.org lists.gnu.org security.gentoo.org ubuntu.com |
|
LOW |
CVE-2019-17595: ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
Package Name: ncurses-bin Installed Version: 6.1-1ubuntu1.18.04 Fixed Version:
References: lists.opensuse.org lists.opensuse.org access.redhat.com access.redhat.com access.redhat.com cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.gnu.org lists.gnu.org security.gentoo.org ubuntu.com |
|
LOW |
CVE-2021-39537: ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
Package Name: ncurses-bin Installed Version: 6.1-1ubuntu1.18.04 Fixed Version:
References: cvsweb.netbsd.org seclists.org seclists.org seclists.org seclists.org access.redhat.com cve.mitre.org lists.gnu.org lists.gnu.org nvd.nist.gov support.apple.com support.apple.com support.apple.com ubuntu.com |
|
LOW |
CVE-2022-29458: ncurses: segfaulting OOB read
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
Package Name: ncurses-bin Installed Version: 6.1-1ubuntu1.18.04 Fixed Version:
References: seclists.org access.redhat.com cve.mitre.org invisible-island.net lists.debian.org lists.gnu.org lists.gnu.org nvd.nist.gov support.apple.com ubuntu.com |
|
LOW |
CVE-2013-4235: shadow-utils: TOCTOU race conditions by copying and removing directory trees
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
Package Name: passwd Installed Version: 1:4.5-1ubuntu2.3 Fixed Version:
References: access.redhat.com access.redhat.com bugzilla.redhat.com cve.mitre.org github.com github.com lists.apache.org security-tracker.debian.org security.gentoo.org |
|
Target: | Java | |
HIGH |
CVE-2022-42003: jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1
Package Name: com.fasterxml.jackson.core:jackson-databind Installed Version: 2.13.4 Fixed Version: 2.12.7.1, 2.13.4.1
References: access.redhat.com bugs.chromium.org cve.mitre.org github.com github.com github.com github.com github.com github.com github.com nvd.nist.gov security.gentoo.org www.debian.org |
|
HIGH |
CVE-2022-25857: snakeyaml: Denial of Service due to missing nested depth limitation for collections
The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.
Package Name: org.yaml:snakeyaml Installed Version: 1.30 Fixed Version: 1.31
References: access.redhat.com access.redhat.com access.redhat.com bitbucket.org bitbucket.org bugzilla.redhat.com errata.almalinux.org github.com github.com linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov security.snyk.io |
|
MEDIUM |
CVE-2022-31684: reactor-netty-http: Log request headers in some cases of invalid HTTP requests
Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled.
Package Name: io.projectreactor.netty:reactor-netty-http Installed Version: 1.0.23 Fixed Version: 1.0.24
References: access.redhat.com github.com nvd.nist.gov tanzu.vmware.com |
|
MEDIUM |
CVE-2022-38749: snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
Package Name: org.yaml:snakeyaml Installed Version: 1.30 Fixed Version: 1.31
References: access.redhat.com bitbucket.org bugs.chromium.org github.com lists.debian.org nvd.nist.gov |
|
MEDIUM |
CVE-2022-38750: snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
Package Name: org.yaml:snakeyaml Installed Version: 1.30 Fixed Version: 1.31
References: access.redhat.com bitbucket.org bugs.chromium.org github.com lists.debian.org nvd.nist.gov |
|
MEDIUM |
CVE-2022-38751: snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
Package Name: org.yaml:snakeyaml Installed Version: 1.30 Fixed Version: 1.31
References: access.redhat.com bitbucket.org bitbucket.org bugs.chromium.org github.com lists.debian.org nvd.nist.gov |
|
MEDIUM |
CVE-2022-38752: snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.
Package Name: org.yaml:snakeyaml Installed Version: 1.30 Fixed Version: 1.32
References: access.redhat.com bitbucket.org bugs.chromium.org github.com nvd.nist.gov |
|
MEDIUM |
CVE-2022-41854: Those using Snakeyaml to parse untrusted YAML files may be vulnerable ...
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
Package Name: org.yaml:snakeyaml Installed Version: 1.30 Fixed Version:
References: bitbucket.org bitbucket.org bugs.chromium.org github.com nvd.nist.gov |
These instructions assume you have set up the repository first (or read it).
To pull contentgrid/solon @ reference/tag sha256:810af5802e7d3b63c416c40e8e9706a73238e959c63ac41efa4b7d6846fbfd05:
docker pull open-source.docker.xenit.eu/contentgrid/solon@sha256:810af5802e7d3b63c416c40e8e9706a73238e959c63ac41efa4b7d6846fbfd05
You can also pull the latest version of this image (if it exists):
docker pull open-source.docker.xenit.eu/contentgrid/solon:latest
To refer to this image after pulling in a Dockerfile, specify the following:
FROM open-source.docker.xenit.eu/contentgrid/solon@sha256:810af5802e7d3b63c416c40e8e9706a73238e959c63ac41efa4b7d6846fbfd05