VYPR

rpm package

almalinux/udica

pkg:rpm/almalinux/udica

Vulnerabilities (108)

  • CVE-2020-29652HigDec 17, 2020
    affected < 0.2.4-1.module_el8.6.0+2876+9ed4eae2fixed 0.2.4-1.module_el8.6.0+2876+9ed4eae2

    A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.

  • CVE-2020-14370MedSep 23, 2020
    affected < 0.2.4-1.module_el8.6.0+2876+9ed4eae2fixed 0.2.4-1.module_el8.6.0+2876+9ed4eae2

    An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container wil

  • CVE-2020-1983HigApr 22, 2020
    affected < 0.2.1-2.module_el8.5.0+108+00865455fixed 0.2.1-2.module_el8.5.0+108+00865455

    A use after free vulnerability in ip_reass() in ip_input.c of libslirp 4.2.0 and prior releases allows crafted packets to cause a denial of service.

  • CVE-2020-10696HigMar 31, 2020
    affected < 0.2.1-2.module_el8.5.0+108+00865455fixed 0.2.1-2.module_el8.5.0+108+00865455

    A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.

  • CVE-2019-19921HigFeb 12, 2020
    affected < 0.2.1-2.module_el8.5.0+108+00865455fixed 0.2.1-2.module_el8.5.0+108+00865455

    runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vul

  • CVE-2020-1726MedFeb 11, 2020
    affected < 0.2.1-2.module_el8.5.0+108+00865455fixed 0.2.1-2.module_el8.5.0+108+00865455

    A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used

  • CVE-2020-8608MedFeb 6, 2020
    affected < 0.2.1-2.module_el8.5.0+108+00865455fixed 0.2.1-2.module_el8.5.0+108+00865455

    In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.

  • CVE-2020-7039MedJan 16, 2020
    affected < 0.2.1-2.module_el8.5.0+108+00865455fixed 0.2.1-2.module_el8.5.0+108+00865455

    tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.

Page 6 of 6