rpm package
almalinux/cockpit-podman
pkg:rpm/almalinux/cockpit-podman
Vulnerabilities (99)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-1708 | — | < 46-1.module_el8.7.0+3344+5bcd850f | 46-1.module_el8.7.0+3344+5bcd850f | Jun 7, 2022 | A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and | ||
| CVE-2022-29162 | — | < 46-1.module_el8.7.0+3344+5bcd850f | 46-1.module_el8.7.0+3344+5bcd850f | May 17, 2022 | runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environme | ||
| CVE-2022-1227 | — | < 43-1.module_el8.6.0+2877+8e437bf5 | 43-1.module_el8.6.0+2877+8e437bf5 | Apr 29, 2022 | A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the a | ||
| CVE-2022-27650 | — | < 43-1.module_el8.6.0+2877+8e437bf5 | 43-1.module_el8.6.0+2877+8e437bf5 | Apr 4, 2022 | A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker w | ||
| CVE-2022-27651 | — | < 29-2.module_el8.5.0+2636+8c48f0fc | 29-2.module_el8.5.0+2636+8c48f0fc | Apr 4, 2022 | A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to p | ||
| CVE-2022-27649 | — | < 29-2.module_el8.5.0+2636+8c48f0fc | 29-2.module_el8.5.0+2636+8c48f0fc | Apr 4, 2022 | A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attack | ||
| CVE-2022-27191 | — | < 46-1.module_el8.7.0+3344+5bcd850f | 46-1.module_el8.7.0+3344+5bcd850f | Mar 18, 2022 | The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. | ||
| CVE-2021-3602 | — | < 11-1.module_el8.5.0+108+00865455 | 11-1.module_el8.5.0+108+00865455 | Mar 3, 2022 | An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD en | ||
| CVE-2022-21698 | — | < 43-1.module_el8.6.0+2877+8e437bf5 | 43-1.module_el8.6.0+2877+8e437bf5 | Feb 15, 2022 | client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounde | ||
| CVE-2021-4024 | — | < 84.1-1.module_el8.10.0+3876+e55593a8 | 84.1-1.module_el8.10.0+3876+e55593a8 | Dec 23, 2021 | A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is op | ||
| CVE-2021-33198 | — | < 84.1-1.module_el8.10.0+3876+e55593a8 | 84.1-1.module_el8.10.0+3876+e55593a8 | Aug 2, 2021 | In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method. | ||
| CVE-2021-30465 | — | < 11-1.module_el8.5.0+108+00865455 | 11-1.module_el8.5.0+108+00865455 | May 27, 2021 | runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on | ||
| CVE-2021-20188 | — | < 11-1.module_el8.5.0+108+00865455 | 11-1.module_el8.5.0+108+00865455 | Feb 11, 2021 | A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root use | ||
| CVE-2021-20199 | — | < 29-2.module_el8.6.0+2876+9ed4eae2 | 29-2.module_el8.6.0+2876+9ed4eae2 | Feb 2, 2021 | Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podma | ||
| CVE-2020-29652 | — | < 29-2.module_el8.6.0+2876+9ed4eae2 | 29-2.module_el8.6.0+2876+9ed4eae2 | Dec 17, 2020 | A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. | ||
| CVE-2020-10696 | — | < 11-1.module_el8.5.0+108+00865455 | 11-1.module_el8.5.0+108+00865455 | Mar 31, 2020 | A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions. | ||
| CVE-2019-19921 | — | < 46-1.module_el8.7.0+3344+5bcd850f | 46-1.module_el8.7.0+3344+5bcd850f | Feb 12, 2020 | runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vul | ||
| CVE-2020-8608 | — | < 11-1.module_el8.5.0+108+00865455 | 11-1.module_el8.5.0+108+00865455 | Feb 6, 2020 | In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. | ||
| CVE-2020-7039 | — | < 11-1.module_el8.5.0+108+00865455 | 11-1.module_el8.5.0+108+00865455 | Jan 16, 2020 | tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code. |
- CVE-2022-1708Jun 7, 2022affected < 46-1.module_el8.7.0+3344+5bcd850ffixed 46-1.module_el8.7.0+3344+5bcd850f
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and
- CVE-2022-29162May 17, 2022affected < 46-1.module_el8.7.0+3344+5bcd850ffixed 46-1.module_el8.7.0+3344+5bcd850f
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environme
- CVE-2022-1227Apr 29, 2022affected < 43-1.module_el8.6.0+2877+8e437bf5fixed 43-1.module_el8.6.0+2877+8e437bf5
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the a
- CVE-2022-27650Apr 4, 2022affected < 43-1.module_el8.6.0+2877+8e437bf5fixed 43-1.module_el8.6.0+2877+8e437bf5
A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker w
- CVE-2022-27651Apr 4, 2022affected < 29-2.module_el8.5.0+2636+8c48f0fcfixed 29-2.module_el8.5.0+2636+8c48f0fc
A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to p
- CVE-2022-27649Apr 4, 2022affected < 29-2.module_el8.5.0+2636+8c48f0fcfixed 29-2.module_el8.5.0+2636+8c48f0fc
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attack
- CVE-2022-27191Mar 18, 2022affected < 46-1.module_el8.7.0+3344+5bcd850ffixed 46-1.module_el8.7.0+3344+5bcd850f
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.
- CVE-2021-3602Mar 3, 2022affected < 11-1.module_el8.5.0+108+00865455fixed 11-1.module_el8.5.0+108+00865455
An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD en
- CVE-2022-21698Feb 15, 2022affected < 43-1.module_el8.6.0+2877+8e437bf5fixed 43-1.module_el8.6.0+2877+8e437bf5
client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounde
- CVE-2021-4024Dec 23, 2021affected < 84.1-1.module_el8.10.0+3876+e55593a8fixed 84.1-1.module_el8.10.0+3876+e55593a8
A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is op
- CVE-2021-33198Aug 2, 2021affected < 84.1-1.module_el8.10.0+3876+e55593a8fixed 84.1-1.module_el8.10.0+3876+e55593a8
In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.
- CVE-2021-30465May 27, 2021affected < 11-1.module_el8.5.0+108+00865455fixed 11-1.module_el8.5.0+108+00865455
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on
- CVE-2021-20188Feb 11, 2021affected < 11-1.module_el8.5.0+108+00865455fixed 11-1.module_el8.5.0+108+00865455
A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root use
- CVE-2021-20199Feb 2, 2021affected < 29-2.module_el8.6.0+2876+9ed4eae2fixed 29-2.module_el8.6.0+2876+9ed4eae2
Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podma
- CVE-2020-29652Dec 17, 2020affected < 29-2.module_el8.6.0+2876+9ed4eae2fixed 29-2.module_el8.6.0+2876+9ed4eae2
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.
- CVE-2020-10696Mar 31, 2020affected < 11-1.module_el8.5.0+108+00865455fixed 11-1.module_el8.5.0+108+00865455
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.
- CVE-2019-19921Feb 12, 2020affected < 46-1.module_el8.7.0+3344+5bcd850ffixed 46-1.module_el8.7.0+3344+5bcd850f
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vul
- CVE-2020-8608Feb 6, 2020affected < 11-1.module_el8.5.0+108+00865455fixed 11-1.module_el8.5.0+108+00865455
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
- CVE-2020-7039Jan 16, 2020affected < 11-1.module_el8.5.0+108+00865455fixed 11-1.module_el8.5.0+108+00865455
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.
Page 5 of 5