contentgrid/webhooks d1fe5159a3dba88e954dfdc6389…
Status | Completed |
---|---|
GPG Signature | |
Storage Region | Frankfurt, Germany |
Type | Binary (contains binaries and binary artifacts) |
Uploaded At | 1 year, 10 months ago |
Uploaded By | |
Slug Id | contentgridwebhooks-eFy |
Unique Id | kPoI7XM1Xcwd |
Version (Raw) | d1fe5159a3dba88e954dfdc638988ba601c59e73f068a2370a3b3ceaa9321be3 |
Version (Parsed) | |
docker-specific metadata | |
Image Digest | sha256:d1fe5159a3dba88e954dfdc638988ba601c59e73f068a2370a3b3ceaa9321be3 |
Config Digest | sha256:35582efa230987eca6d5eb1e02aa2140afd3e98719739cd99601fee5066adb0d |
V1 OCI Index Digest | sha256:1d257df3e44134cbb7849c0ba8e6a264514a784bf06dd6a7a1b212a179690bb6 |
V1 Distribution (Signed) Digest | sha256:7722bbbb0c118e70b6b0ee026756702b68e06e6c0dffc94015a776f4fb57dd49 |
V1 OCI Digest | sha256:bc8c2399b207ee940da537293ece74f2b85beca2b2e7578406f9da6a5a2f28da |
V2 Distribution List Digest | sha256:e109130ce6e277c55feba2dc7568546260706b09749269f20e5c7272616d4b62 |
V1 Distribution Digest | sha256:bd23e2ae9df3ffdc679cf82a22e590780e36dadfdd8cb0ab17284e3867244d05 |
V2 Distribution Digest | sha256:d1fe5159a3dba88e954dfdc638988ba601c59e73f068a2370a3b3ceaa9321be3 |
extended metadata | |
Manifest Type | V2 Distribution |
Architecture | amd64 |
Config | |
Created | 1980-01-01 00:00:01 UTC |
Os | linux |
This package was uploaded with the following V2 Distribution manifest:
{
"schemaVersion": 2,
"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
"config": {
"mediaType": "application/vnd.docker.container.image.v1+json",
"size": 29834,
"digest": "sha256:1e1ba7d4561b8a017de82c4bf5117dbdd656e4f4d679b1b0aa4ef81b14988673"
},
"layers": [
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 26711852,
"digest": "sha256:e706e0a9f42365312b366bf4caa22f3cdd8fc7fd8f6f49b4dd3782711f66aca7"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 236,
"digest": "sha256:b693a1f47dea0193282d4a2a96bbc161bfa6370d56de788a3333d79524cdf8e4"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 270,
"digest": "sha256:e65e5d6ae1cffe5a402809602d679d9442e2c3abc9febf1f60c43ac78fb287ed"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 10577257,
"digest": "sha256:76e30007fadf7d970f38113bd10596ed504876dc1b76165e53207bdcf13461d0"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 459,
"digest": "sha256:d69421159207e8e80421f5781b009be8a31b2971f48c34a1769e7e99b48cce58"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 766,
"digest": "sha256:cfbf8ed068be5c9e9a7f8be1795fb18ca7aaec901437c8d1ec789e6ca8abbe01"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 405,
"digest": "sha256:9f2304bb727bf8fcef597b215ec24f94a4b84396ca47faba6b79deeca68b01cd"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 1419317,
"digest": "sha256:12ed1a4fe976d63871e2bbe78180a625862f008d4f1d0c9eb9572c10c89c7c4c"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 1562274,
"digest": "sha256:198b79efcdedb01c0d7986676170b72dc505ae4e952b4bc0c1627896249fe4f6"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 376,
"digest": "sha256:5c96df4fa74419241e670f997779d09d61ea9e9a79d6450bf6369070d8025b10"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 53527555,
"digest": "sha256:d6ddef23198189790286a6a4998783c47bdb2af2b3c73f284dd03cbedb8ce74e"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 273,
"digest": "sha256:9ad49796e8f672ade2af8037e0414d838adef5393d21a72ebb3af34a88a08c31"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 732773,
"digest": "sha256:286978ac4d48d600a5cd0bf311b98b6281031a64e3b2c7b75a90e44274bc1d0d"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 53897,
"digest": "sha256:02897775ee3531663c8b2fe10b1319cc0aa216e4ae97584c837ae470eb907aa0"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 260,
"digest": "sha256:956200cea8a0fdb4a2b3b7e0582034c46f2e205019c0d7b1625863e1ce5f3af4"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 283664,
"digest": "sha256:f940abec2330c03ff3b923b60fa35356e71d3ee2af72003e83b07bc3b1c27ff5"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 40500075,
"digest": "sha256:e834ff5fc8dbbc948efefff6ff45a1211110280eb4ccc652ee81ded573b97c04"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 86407,
"digest": "sha256:d536624bf987b6f0c73fd6f68927dcd96d766764410d1cbb93e8e010483b9d9b"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 32,
"digest": "sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 19653,
"digest": "sha256:f1fcf6817e60bb6a1bb99a803399cd6eca07915a3877357e9c0302df9408ec57"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 32,
"digest": "sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 938874,
"digest": "sha256:bb627384ba685a6a748e9b1ff1268ac0877cb0b3aff094e5c58c19a731150a0f"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 563,
"digest": "sha256:d459ddbf2c5c50b7919d58d212c22f3faf2856c035e81dbed4633df1300e8d61"
},
{
"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
"size": 198,
"digest": "sha256:3a4cb709502c02c84a45e39cabd30b603b73e8e6428ab1b92d49d401da8e71be"
}
]
}
Last scanned | 1 year, 10 months ago |
Scan result | Vulnerable |
Vulnerability count | 44 |
Max. severity | High |

Target: . (ubuntu 18.04)

MEDIUM
CVE-2020-13844: kernel: ARM straight-line speculation vulnerability
Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation."
Package Name: gcc-8-base
Installed Version: 8.4.0-1ubuntu1~18.04
Fixed Version:
References: lists.llvm.org lists.opensuse.org lists.opensuse.org access.redhat.com cve.mitre.org developer.arm.com developer.arm.com developer.arm.com gcc.gnu.org git.kernel.org

MEDIUM
CVE-2020-13844: kernel: ARM straight-line speculation vulnerability
Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation."
Package Name: libgcc1
Installed Version: 8.4.0-1ubuntu1~18.04
Fixed Version:
References: lists.llvm.org lists.opensuse.org lists.opensuse.org access.redhat.com cve.mitre.org developer.arm.com developer.arm.com developer.arm.com gcc.gnu.org git.kernel.org

MEDIUM
CVE-2020-13844: kernel: ARM straight-line speculation vulnerability
Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation."
Package Name: libstdc++6
Installed Version: 8.4.0-1ubuntu1~18.04
Fixed Version:
References: lists.llvm.org lists.opensuse.org lists.opensuse.org access.redhat.com cve.mitre.org developer.arm.com developer.arm.com developer.arm.com gcc.gnu.org git.kernel.org

MEDIUM
CVE-2020-16156: perl-CPAN: Bypass of verification of signatures in CHECKSUMS files
CPAN 2.28 allows Signature Verification Bypass.
Package Name: perl-base
Installed Version: 5.26.1-6ubuntu0.5
Fixed Version: 5.26.1-6ubuntu0.6
References: blogs.perl.org access.redhat.com blog.hackeriet.no cve.mitre.org lists.fedoraproject.org lists.fedoraproject.org metacpan.org ubuntu.com

LOW
CVE-2016-2781: coreutils: Non-privileged session can escape to the parent session in chroot
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
Package Name: coreutils
Installed Version: 8.28-1ubuntu1
Fixed Version:
References: seclists.org www.openwall.com www.openwall.com access.redhat.com cve.mitre.org lists.apache.org lore.kernel.org nvd.nist.gov

LOW
CVE-2022-3219: gnupg: denial of service issue (resource consumption) using compressed packets
No description is available for this CVE.
Package Name: gpgv
Installed Version: 2.2.4-1ubuntu1.6
Fixed Version:
References: access.redhat.com cve.mitre.org marc.info

LOW
CVE-2009-5155: glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result
In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.
Package Name: libc-bin
Installed Version: 2.27-3ubuntu1.6
Fixed Version:
References: git.savannah.gnu.org access.redhat.com cve.mitre.org debbugs.gnu.org debbugs.gnu.org debbugs.gnu.org lists.apache.org lists.apache.org security.netapp.com sourceware.org sourceware.org sourceware.org support.f5.com support.f5.com ubuntu.com

LOW
CVE-2015-8985: glibc: potential denial of service in pop_fail_stack()
The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.
Package Name: libc-bin
Installed Version: 2.27-3ubuntu1.6
Fixed Version:
References: www.openwall.com www.securityfocus.com access.redhat.com bugs.debian.org cve.mitre.org security.gentoo.org sourceware.org

LOW
CVE-2016-20013
sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.
Package Name: libc-bin
Installed Version: 2.27-3ubuntu1.6
Fixed Version:
References: akkadia.org cve.mitre.org pthree.org twitter.com

LOW
CVE-2009-5155: glibc: parse_reg_exp in posix/regcomp.c misparses alternatives leading to denial of service or trigger incorrect result
In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.
Package Name: libc6
Installed Version: 2.27-3ubuntu1.6
Fixed Version:
References: git.savannah.gnu.org access.redhat.com cve.mitre.org debbugs.gnu.org debbugs.gnu.org debbugs.gnu.org lists.apache.org lists.apache.org security.netapp.com sourceware.org sourceware.org sourceware.org support.f5.com support.f5.com ubuntu.com

LOW
CVE-2015-8985: glibc: potential denial of service in pop_fail_stack()
The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.
Package Name: libc6
Installed Version: 2.27-3ubuntu1.6
Fixed Version:
References: www.openwall.com www.securityfocus.com access.redhat.com bugs.debian.org cve.mitre.org security.gentoo.org sourceware.org

LOW
CVE-2016-20013
sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.
Package Name: libc6
Installed Version: 2.27-3ubuntu1.6
Fixed Version:
References: akkadia.org cve.mitre.org pthree.org twitter.com

LOW
CVE-2021-43618: gmp: Integer overflow and resultant buffer overflow via crafted input
GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.
Package Name: libgmp10
Installed Version: 2:6.1.2+dfsg-2
Fixed Version: 2:6.1.2+dfsg-2ubuntu0.1
References: seclists.org www.openwall.com access.redhat.com bugs.debian.org cve.mitre.org gmplib.org gmplib.org lists.debian.org nvd.nist.gov ubuntu.com

LOW
CVE-2018-16868: gnutls: Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification
A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.
Package Name: libgnutls30
Installed Version: 3.5.18-1ubuntu1.6
Fixed Version:
References: cat.eyalro.net lists.opensuse.org lists.opensuse.org www.securityfocus.com access.redhat.com bugzilla.redhat.com cve.mitre.org

LOW
CVE-2019-17594: ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
Package Name: libncurses5
Installed Version: 6.1-1ubuntu1.18.04
Fixed Version:
References: lists.opensuse.org lists.opensuse.org access.redhat.com access.redhat.com access.redhat.com cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.gnu.org lists.gnu.org security.gentoo.org ubuntu.com

LOW
CVE-2019-17595: ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
Package Name: libncurses5
Installed Version: 6.1-1ubuntu1.18.04
Fixed Version:
References: lists.opensuse.org lists.opensuse.org access.redhat.com access.redhat.com access.redhat.com cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.gnu.org lists.gnu.org security.gentoo.org ubuntu.com

LOW
CVE-2021-39537: ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
Package Name: libncurses5
Installed Version: 6.1-1ubuntu1.18.04
Fixed Version:
References: cvsweb.netbsd.org access.redhat.com cve.mitre.org lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com

LOW
CVE-2022-29458: ncurses: segfaulting OOB read
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
Package Name: libncurses5
Installed Version: 6.1-1ubuntu1.18.04
Fixed Version:
References: access.redhat.com cve.mitre.org invisible-island.net lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com

LOW
CVE-2019-17594: ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
Package Name: libncursesw5
Installed Version: 6.1-1ubuntu1.18.04
Fixed Version:
References: lists.opensuse.org lists.opensuse.org access.redhat.com access.redhat.com access.redhat.com cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.gnu.org lists.gnu.org security.gentoo.org ubuntu.com

LOW
CVE-2019-17595: ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
Package Name: libncursesw5
Installed Version: 6.1-1ubuntu1.18.04
Fixed Version:
References: lists.opensuse.org lists.opensuse.org access.redhat.com access.redhat.com access.redhat.com cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.gnu.org lists.gnu.org security.gentoo.org ubuntu.com

LOW
CVE-2021-39537: ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
Package Name: libncursesw5
Installed Version: 6.1-1ubuntu1.18.04
Fixed Version:
References: cvsweb.netbsd.org access.redhat.com cve.mitre.org lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com

LOW
CVE-2022-29458: ncurses: segfaulting OOB read
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
Package Name: libncursesw5
Installed Version: 6.1-1ubuntu1.18.04
Fixed Version:
References: access.redhat.com cve.mitre.org invisible-island.net lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com

LOW
CVE-2017-11164: pcre: OP_KETRMAX feature in the match function in pcre_exec.c
In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.
Package Name: libpcre3
Installed Version: 2:8.39-9ubuntu0.1
Fixed Version:
References: openwall.com www.securityfocus.com access.redhat.com cve.mitre.org lists.apache.org

LOW
CVE-2019-17594: ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
Package Name: libtinfo5
Installed Version: 6.1-1ubuntu1.18.04
Fixed Version:
References: lists.opensuse.org lists.opensuse.org access.redhat.com access.redhat.com access.redhat.com cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.gnu.org lists.gnu.org security.gentoo.org ubuntu.com

LOW
CVE-2019-17595: ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
Package Name: libtinfo5
Installed Version: 6.1-1ubuntu1.18.04
Fixed Version:
References: lists.opensuse.org lists.opensuse.org access.redhat.com access.redhat.com access.redhat.com cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.gnu.org lists.gnu.org security.gentoo.org ubuntu.com

LOW
CVE-2021-39537: ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
Package Name: libtinfo5
Installed Version: 6.1-1ubuntu1.18.04
Fixed Version:
References: cvsweb.netbsd.org access.redhat.com cve.mitre.org lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com

LOW
CVE-2022-29458: ncurses: segfaulting OOB read
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
Package Name: libtinfo5
Installed Version: 6.1-1ubuntu1.18.04
Fixed Version:
References: access.redhat.com cve.mitre.org invisible-island.net lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com

LOW
CVE-2013-4235: shadow-utils: TOCTOU race conditions by copying and removing directory trees
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
Package Name: login
Installed Version: 1:4.5-1ubuntu2.3
Fixed Version:
References: access.redhat.com access.redhat.com bugzilla.redhat.com cve.mitre.org lists.apache.org security-tracker.debian.org

LOW
CVE-2019-17594: ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
Package Name: ncurses-base
Installed Version: 6.1-1ubuntu1.18.04
Fixed Version:
References: lists.opensuse.org lists.opensuse.org access.redhat.com access.redhat.com access.redhat.com cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.gnu.org lists.gnu.org security.gentoo.org ubuntu.com

LOW
CVE-2019-17595: ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
Package Name: ncurses-base
Installed Version: 6.1-1ubuntu1.18.04
Fixed Version:
References: lists.opensuse.org lists.opensuse.org access.redhat.com access.redhat.com access.redhat.com cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.gnu.org lists.gnu.org security.gentoo.org ubuntu.com

LOW
CVE-2021-39537: ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
Package Name: ncurses-base
Installed Version: 6.1-1ubuntu1.18.04
Fixed Version:
References: cvsweb.netbsd.org access.redhat.com cve.mitre.org lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com

LOW
CVE-2022-29458: ncurses: segfaulting OOB read
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
Package Name: ncurses-base
Installed Version: 6.1-1ubuntu1.18.04
Fixed Version:
References: access.redhat.com cve.mitre.org invisible-island.net lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com

LOW
CVE-2019-17594: ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
Package Name: ncurses-bin
Installed Version: 6.1-1ubuntu1.18.04
Fixed Version:
References: lists.opensuse.org lists.opensuse.org access.redhat.com access.redhat.com access.redhat.com cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.gnu.org lists.gnu.org security.gentoo.org ubuntu.com

LOW
CVE-2019-17595: ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
Package Name: ncurses-bin
Installed Version: 6.1-1ubuntu1.18.04
Fixed Version:
References: lists.opensuse.org lists.opensuse.org access.redhat.com access.redhat.com access.redhat.com cve.mitre.org errata.almalinux.org linux.oracle.com linux.oracle.com lists.gnu.org lists.gnu.org security.gentoo.org ubuntu.com

LOW
CVE-2021-39537: ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c
An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow.
Package Name: ncurses-bin
Installed Version: 6.1-1ubuntu1.18.04
Fixed Version:
References: cvsweb.netbsd.org access.redhat.com cve.mitre.org lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com

LOW
CVE-2022-29458: ncurses: segfaulting OOB read
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
Package Name: ncurses-bin
Installed Version: 6.1-1ubuntu1.18.04
Fixed Version:
References: access.redhat.com cve.mitre.org invisible-island.net lists.gnu.org lists.gnu.org nvd.nist.gov ubuntu.com

LOW
CVE-2013-4235: shadow-utils: TOCTOU race conditions by copying and removing directory trees
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
Package Name: passwd
Installed Version: 1:4.5-1ubuntu2.3
Fixed Version:
References: access.redhat.com access.redhat.com bugzilla.redhat.com cve.mitre.org lists.apache.org security-tracker.debian.org

Target: Java

HIGH
CVE-2022-42003: jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. Additional fix version in 2.13.4.1 and 2.12.17.1
Package Name: com.fasterxml.jackson.core:jackson-databind
Installed Version: 2.13.4
Fixed Version: 2.13.4.1
References: access.redhat.com bugs.chromium.org cve.mitre.org github.com github.com github.com github.com github.com nvd.nist.gov

HIGH
CVE-2022-25857: snakeyaml: Denial of Service due to missing nested depth limitation for collections
The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.
Package Name: org.yaml:snakeyaml
Installed Version: 1.30
Fixed Version: 1.31
References: access.redhat.com access.redhat.com access.redhat.com bitbucket.org bitbucket.org bugzilla.redhat.com errata.almalinux.org github.com github.com linux.oracle.com linux.oracle.com lists.debian.org nvd.nist.gov security.snyk.io

MEDIUM
CVE-2022-31684: Invalid HTTP requests in Reactor Netty HTTP Server may reveal access tokens
Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled.
Package Name: io.projectreactor.netty:reactor-netty-http
Installed Version: 1.0.23
Fixed Version: 1.0.24
References: github.com nvd.nist.gov tanzu.vmware.com

MEDIUM
CVE-2022-38749: snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
Package Name: org.yaml:snakeyaml
Installed Version: 1.30
Fixed Version: 1.31
References: access.redhat.com bitbucket.org bugs.chromium.org github.com lists.debian.org nvd.nist.gov

MEDIUM
CVE-2022-38750: snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
Package Name: org.yaml:snakeyaml
Installed Version: 1.30
Fixed Version: 1.31
References: access.redhat.com bitbucket.org bugs.chromium.org github.com lists.debian.org nvd.nist.gov

MEDIUM
CVE-2022-38751: snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
Package Name: org.yaml:snakeyaml
Installed Version: 1.30
Fixed Version: 1.31
References: access.redhat.com bitbucket.org bitbucket.org bugs.chromium.org github.com lists.debian.org nvd.nist.gov

MEDIUM
CVE-2022-38752: snakeyaml: Uncaught exception in java.base/java.util.ArrayList.hashCode
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.
Package Name: org.yaml:snakeyaml
Installed Version: 1.30
Fixed Version: 1.32
References: access.redhat.com bitbucket.org bugs.chromium.org github.com nvd.nist.gov

These instructions assume you have set up the repository first (or read it).
To pull contentgrid/webhooks @ reference/tag sha256:d1fe5159a3dba88e954dfdc638988ba601c59e73f068a2370a3b3ceaa9321be3:
docker pull open-source.docker.xenit.eu/contentgrid/webhooks@sha256:d1fe5159a3dba88e954dfdc638988ba601c59e73f068a2370a3b3ceaa9321be3
You can also pull the latest version of this image (if it exists):
docker pull open-source.docker.xenit.eu/contentgrid/webhooks:latest
To refer to this image after pulling in a Dockerfile, specify the following:
FROM open-source.docker.xenit.eu/contentgrid/webhooks@sha256:d1fe5159a3dba88e954dfdc638988ba601c59e73f068a2370a3b3ceaa9321be3