rpm package
opensuse/podman&distro=openSUSE Leap 15.2
pkg:rpm/opensuse/podman&distro=openSUSE%20Leap%2015.2
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-14370 | — | < 2.1.1-lp152.4.6.1 | 2.1.1-lp152.4.6.1 | Sep 23, 2020 | An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container wil | ||
| CVE-2020-10696 | — | < 2.2.1-lp152.4.9.1 | 2.2.1-lp152.4.9.1 | Mar 31, 2020 | A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions. | ||
| CVE-2020-1726 | — | < 2.0.6-lp152.4.3.1 | 2.0.6-lp152.4.3.1 | Feb 11, 2020 | A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used | ||
| CVE-2019-10214 | — | < 2.2.1-lp152.4.9.1 | 2.2.1-lp152.4.9.1 | Nov 25, 2019 | The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulne |
- CVE-2020-14370Sep 23, 2020affected < 2.1.1-lp152.4.6.1fixed 2.1.1-lp152.4.6.1
An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container wil
- CVE-2020-10696Mar 31, 2020affected < 2.2.1-lp152.4.9.1fixed 2.2.1-lp152.4.9.1
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.
- CVE-2020-1726Feb 11, 2020affected < 2.0.6-lp152.4.3.1fixed 2.0.6-lp152.4.3.1
A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used
- CVE-2019-10214Nov 25, 2019affected < 2.2.1-lp152.4.9.1fixed 2.2.1-lp152.4.9.1
The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulne