rpm package
almalinux/python-podman-api
pkg:rpm/almalinux/python-podman-api
Vulnerabilities (16)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-27651 | — | | | < 1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39 | 1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39 | Apr 4, 2022 | A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to p |
| CVE-2022-27649 | — | | | < 1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39 | 1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39 | Apr 4, 2022 | A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attack |
| CVE-2021-3602 | — | | | < 1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39 | 1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39 | Mar 3, 2022 | An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD en |
| CVE-2020-1702 | — | | | < 1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39 | 1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39 | May 27, 2021 | A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container im |
| CVE-2021-30465 | — | | | < 1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39 | 1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39 | May 27, 2021 | runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on |
| CVE-2021-20188 | — | | | < 1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39 | 1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39 | Feb 11, 2021 | A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root use |
| CVE-2020-14370 | — | | | < 1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39 | 1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39 | Sep 23, 2020 | An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container wil |
| CVE-2020-10756 | — | | | < 1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39 | 1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39 | Jul 9, 2020 | An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of |
| CVE-2020-14040 | — | | | < 1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39 | 1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39 | Jun 17, 2020 | The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM o |
| CVE-2020-10749 | — | | | < 1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39 | 1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39 | Jun 3, 2020 | A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertiseme |
| CVE-2020-1983 | — | | | < 1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39 | 1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39 | Apr 22, 2020 | A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service. |
| CVE-2020-10696 | — | | | < 1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39 | 1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39 | Mar 31, 2020 | A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions. |
| CVE-2019-19921 | — | | | < 1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39 | 1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39 | Feb 12, 2020 | runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vul |
| CVE-2020-1726 | — | | | < 1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39 | 1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39 | Feb 11, 2020 | A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used |
| CVE-2020-8608 | — | | | < 1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39 | 1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39 | Feb 6, 2020 | In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code. |
| CVE-2020-7039 | — | | | < 1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39 | 1.2.0-0.2.gitd0a45fe.module_el8.5.0+2635+e4386a39 | Jan 16, 2020 | tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code. |