VYPR

rpm package

almalinux/skopeo

pkg:rpm/almalinux/skopeo

Vulnerabilities (104)

  • CVE-2019-19921HigFeb 12, 2020
    affected < 2:1.6.2-8.module_el8.9.0+3627+db8ec155fixed 2:1.6.2-8.module_el8.9.0+3627+db8ec155

    runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vul

  • CVE-2020-7039MedJan 16, 2020
    affected < 1:0.1.32-6.git1715c90.module_el8.4.0+2496+12421f43fixed 1:0.1.32-6.git1715c90.module_el8.4.0+2496+12421f43

    tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.

  • CVE-2019-9514HigAug 13, 2019
    affected < 1:0.1.32-6.git1715c90.module_el8.4.0+2496+12421f43fixed 1:0.1.32-6.git1715c90.module_el8.4.0+2496+12421f43

    Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer

  • CVE-2019-9512HigAug 13, 2019
    affected < 1:0.1.32-6.git1715c90.module_el8.4.0+2496+12421f43fixed 1:0.1.32-6.git1715c90.module_el8.4.0+2496+12421f43

    Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consum

Page 6 of 6