VYPR

rpm package

almalinux/libslirp

pkg:rpm/almalinux/libslirp

Vulnerabilities (100)

  • CVE-2022-1708Jun 7, 2022
    affected < 4.4.0-1.module_el8.6.0+2877+8e437bf5fixed 4.4.0-1.module_el8.6.0+2877+8e437bf5

    A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and

  • CVE-2022-29162May 17, 2022
    affected < 4.4.0-1.module_el8.6.0+2877+8e437bf5fixed 4.4.0-1.module_el8.6.0+2877+8e437bf5

    runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environme

  • CVE-2022-1227Apr 29, 2022
    affected < 4.4.0-1.module_el8.6.0+2877+8e437bf5fixed 4.4.0-1.module_el8.6.0+2877+8e437bf5

    A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the a

  • CVE-2022-27650Apr 4, 2022
    affected < 4.4.0-1.module_el8.6.0+2877+8e437bf5fixed 4.4.0-1.module_el8.6.0+2877+8e437bf5

    A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker w

  • CVE-2022-27651Apr 4, 2022
    affected < 4.3.1-1.module_el8.5.0+2636+8c48f0fcfixed 4.3.1-1.module_el8.5.0+2636+8c48f0fc

    A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to p

  • CVE-2022-27649Apr 4, 2022
    affected < 4.3.1-1.module_el8.5.0+2636+8c48f0fcfixed 4.3.1-1.module_el8.5.0+2636+8c48f0fc

    A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attack

  • CVE-2022-27191Mar 18, 2022
    affected < 4.4.0-1.module_el8.6.0+2877+8e437bf5fixed 4.4.0-1.module_el8.6.0+2877+8e437bf5

    The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.

  • CVE-2021-3602Mar 3, 2022
    affected < 4.4.0-1.module_el8.6.0+2877+8e437bf5fixed 4.4.0-1.module_el8.6.0+2877+8e437bf5

    An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD en

  • CVE-2022-21698Feb 15, 2022
    affected < 4.4.0-1.module_el8.6.0+2877+8e437bf5fixed 4.4.0-1.module_el8.6.0+2877+8e437bf5

    client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounde

  • CVE-2021-4024Dec 23, 2021
    affected < 4.4.0-2.module_el8.10.0+3876+e55593a8fixed 4.4.0-2.module_el8.10.0+3876+e55593a8

    A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is op

  • CVE-2021-33198Aug 2, 2021
    affected < 4.4.0-2.module_el8.10.0+3876+e55593a8fixed 4.4.0-2.module_el8.10.0+3876+e55593a8

    In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.

  • CVE-2021-30465May 27, 2021
    affected < 4.3.1-1.module_el8.6.0+2876+9ed4eae2fixed 4.3.1-1.module_el8.6.0+2876+9ed4eae2

    runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on

  • CVE-2021-20291Apr 1, 2021
    affected < 4.4.0-1.module_el8.6.0+2877+8e437bf5fixed 4.4.0-1.module_el8.6.0+2877+8e437bf5

    A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation wh

  • CVE-2021-20199Feb 2, 2021
    affected < 4.3.1-1.module_el8.6.0+2876+9ed4eae2fixed 4.3.1-1.module_el8.6.0+2876+9ed4eae2

    Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podma

  • CVE-2020-29652Dec 17, 2020
    affected < 4.3.1-1.module_el8.6.0+2876+9ed4eae2fixed 4.3.1-1.module_el8.6.0+2876+9ed4eae2

    A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.

  • CVE-2020-14370Sep 23, 2020
    affected < 4.3.1-1.module_el8.6.0+2876+9ed4eae2fixed 4.3.1-1.module_el8.6.0+2876+9ed4eae2

    An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container wil

  • CVE-2020-10756Jul 9, 2020
    affected < 4.3.1-1.module_el8.6.0+2876+9ed4eae2fixed 4.3.1-1.module_el8.6.0+2876+9ed4eae2

    An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of

  • CVE-2020-14040Jun 17, 2020
    affected < 4.3.1-1.module_el8.6.0+2876+9ed4eae2fixed 4.3.1-1.module_el8.6.0+2876+9ed4eae2

    The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM o

  • CVE-2020-10749Jun 3, 2020
    affected < 4.3.1-1.module_el8.6.0+2876+9ed4eae2fixed 4.3.1-1.module_el8.6.0+2876+9ed4eae2

    A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertiseme

  • CVE-2019-19921Feb 12, 2020
    affected < 4.4.0-1.module_el8.6.0+2877+8e437bf5fixed 4.4.0-1.module_el8.6.0+2877+8e437bf5

    runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vul

Page 5 of 5