rpm package
opensuse/podman&distro=openSUSE Leap 15.3
pkg:rpm/opensuse/podman&distro=openSUSE%20Leap%2015.3
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-2989 | — | < 3.4.7-150300.9.12.1 | 3.4.7-150300.9.12.1 | Sep 13, 2022 | An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissio | ||
| CVE-2022-1227 | — | < 3.4.7-150300.9.9.2 | 3.4.7-150300.9.9.2 | Apr 29, 2022 | A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the a | ||
| CVE-2022-27191 | — | < 3.4.7-150300.9.9.2 | 3.4.7-150300.9.9.2 | Mar 18, 2022 | The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. | ||
| CVE-2022-21698 | — | < 3.4.7-150300.9.9.2 | 3.4.7-150300.9.9.2 | Feb 15, 2022 | client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounde |
- CVE-2022-2989Sep 13, 2022affected < 3.4.7-150300.9.12.1fixed 3.4.7-150300.9.12.1
An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissio
- CVE-2022-1227Apr 29, 2022affected < 3.4.7-150300.9.9.2fixed 3.4.7-150300.9.9.2
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the a
- CVE-2022-27191Mar 18, 2022affected < 3.4.7-150300.9.9.2fixed 3.4.7-150300.9.9.2
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.
- CVE-2022-21698Feb 15, 2022affected < 3.4.7-150300.9.9.2fixed 3.4.7-150300.9.9.2
client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounde