rpm package
almalinux/oci-systemd-hook
pkg:rpm/almalinux/oci-systemd-hook
Vulnerabilities (9)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-20188 | — |  |  | < 1:0.1.15-2.git2d0b8a3.module_el8.5.0+119+9a9ec082 | 1:0.1.15-2.git2d0b8a3.module_el8.5.0+119+9a9ec082 | Feb 11, 2021 | A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root use |
| CVE-2020-10696 | — |  |  | < 1:0.1.15-2.git2d0b8a3.module_el8.5.0+119+9a9ec082 | 1:0.1.15-2.git2d0b8a3.module_el8.5.0+119+9a9ec082 | Mar 31, 2020 | A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions. |
| CVE-2020-7039 | — |  |  | < 1:0.1.15-2.git2d0b8a3.module_el8.5.0+119+9a9ec082 | 1:0.1.15-2.git2d0b8a3.module_el8.5.0+119+9a9ec082 | Jan 16, 2020 | tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code. |
| CVE-2019-10214 | — |  |  | < 1:0.1.15-2.git2d0b8a3.module_el8.5.0+119+9a9ec082 | 1:0.1.15-2.git2d0b8a3.module_el8.5.0+119+9a9ec082 | Nov 25, 2019 | The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulne |
| CVE-2019-16884 | — |  |  | < 1:0.1.15-2.git2d0b8a3.module_el8.5.0+119+9a9ec082 | 1:0.1.15-2.git2d0b8a3.module_el8.5.0+119+9a9ec082 | Sep 25, 2019 | runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. |
| CVE-2019-9512 | — |  |  | < 1:0.1.15-2.git2d0b8a3.module_el8.5.0+119+9a9ec082 | 1:0.1.15-2.git2d0b8a3.module_el8.5.0+119+9a9ec082 | Aug 13, 2019 | Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consum |
| CVE-2019-9514 | — |  |  | < 1:0.1.15-2.git2d0b8a3.module_el8.5.0+119+9a9ec082 | 1:0.1.15-2.git2d0b8a3.module_el8.5.0+119+9a9ec082 | Aug 13, 2019 | Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer |
| CVE-2019-14378 | — |  |  | < 1:0.1.15-2.git2d0b8a3.module_el8.5.0+119+9a9ec082 | 1:0.1.15-2.git2d0b8a3.module_el8.5.0+119+9a9ec082 | Jul 29, 2019 | ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment. |
| CVE-2019-5736 | — |  |  | < 1:0.1.15-2.git2d0b8a3.module_el8.5.0+119+9a9ec082 | 1:0.1.15-2.git2d0b8a3.module_el8.5.0+119+9a9ec082 | Feb 11, 2019 | runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new conta |