rpm package
almalinux/buildah-tests
pkg:rpm/almalinux/buildah-tests
Vulnerabilities (105)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-33198 | — | < 1:1.27.0-2.el9 | 1:1.27.0-2.el9 | Aug 2, 2021 | In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method. | ||
| CVE-2021-33197 | — | < 1:1.27.0-2.el9 | 1:1.27.0-2.el9 | Aug 2, 2021 | In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers. | ||
| CVE-2021-33195 | — | < 1:1.27.0-2.el9 | 1:1.27.0-2.el9 | Aug 2, 2021 | Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format. | ||
| CVE-2021-20291 | — | < 1:1.27.0-2.el9 | 1:1.27.0-2.el9 | Apr 1, 2021 | A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation wh | ||
| CVE-2019-19921 | — | < 1:1.24.6-7.module_el8.9.0+3627+db8ec155 | 1:1.24.6-7.module_el8.9.0+3627+db8ec155 | Feb 12, 2020 | runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vul |
- CVE-2021-33198Aug 2, 2021affected < 1:1.27.0-2.el9fixed 1:1.27.0-2.el9
In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.
- CVE-2021-33197Aug 2, 2021affected < 1:1.27.0-2.el9fixed 1:1.27.0-2.el9
In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.
- CVE-2021-33195Aug 2, 2021affected < 1:1.27.0-2.el9fixed 1:1.27.0-2.el9
Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.
- CVE-2021-20291Apr 1, 2021affected < 1:1.27.0-2.el9fixed 1:1.27.0-2.el9
A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation wh
- CVE-2019-19921Feb 12, 2020affected < 1:1.24.6-7.module_el8.9.0+3627+db8ec155fixed 1:1.24.6-7.module_el8.9.0+3627+db8ec155
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vul
Page 6 of 6