rpm package
almalinux/cockpit-podman
pkg:rpm/almalinux/cockpit-podman
Vulnerabilities (104)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-10696 | Hig | 8.8 | < 11-1.module_el8.5.0+108+00865455 | 11-1.module_el8.5.0+108+00865455 | Mar 31, 2020 | A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions. | |
| CVE-2019-19921 | Hig | 7.0 | < 46-1.module_el8.7.0+3344+5bcd850f | 46-1.module_el8.7.0+3344+5bcd850f | Feb 12, 2020 | runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vul | |
| CVE-2020-8608 | Med | 5.6 | < 11-1.module_el8.5.0+108+00865455 | 11-1.module_el8.5.0+108+00865455 | Feb 6, 2020 | In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. | |
| CVE-2020-7039 | Med | 5.6 | < 11-1.module_el8.5.0+108+00865455 | 11-1.module_el8.5.0+108+00865455 | Jan 16, 2020 | tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code. |
- affected < 11-1.module_el8.5.0+108+00865455fixed 11-1.module_el8.5.0+108+00865455
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.
- affected < 46-1.module_el8.7.0+3344+5bcd850ffixed 46-1.module_el8.7.0+3344+5bcd850f
runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vul
- affected < 11-1.module_el8.5.0+108+00865455fixed 11-1.module_el8.5.0+108+00865455
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
- affected < 11-1.module_el8.5.0+108+00865455fixed 11-1.module_el8.5.0+108+00865455
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.
Page 6 of 6