VYPR

rpm package

almalinux/buildah-tests

pkg:rpm/almalinux/buildah-tests

Vulnerabilities (105)

  • CVE-2021-33198Aug 2, 2021
    affected < 1:1.27.0-2.el9fixed 1:1.27.0-2.el9

    In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.

  • CVE-2021-33197Aug 2, 2021
    affected < 1:1.27.0-2.el9fixed 1:1.27.0-2.el9

    In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.

  • CVE-2021-33195Aug 2, 2021
    affected < 1:1.27.0-2.el9fixed 1:1.27.0-2.el9

    Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.

  • CVE-2021-20291Apr 1, 2021
    affected < 1:1.27.0-2.el9fixed 1:1.27.0-2.el9

    A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation wh

  • CVE-2019-19921Feb 12, 2020
    affected < 1:1.24.6-7.module_el8.9.0+3627+db8ec155fixed 1:1.24.6-7.module_el8.9.0+3627+db8ec155

    runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vul

Page 6 of 6