rpm package
suse/fuse3&distro=SUSE Linux Enterprise Module for Containers 15 SP1
pkg:rpm/suse/fuse3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP1
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-10152 | — | < 3.6.1-3.3.8 | 3.6.1-3.3.8 | Jul 30, 2019 | A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator trie | ||
| CVE-2018-15664 | — | < 3.6.1-3.3.8 | 3.6.1-3.3.8 | May 23, 2019 | In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do | ||
| CVE-2019-6778 | — | < 3.6.1-3.3.8 | 3.6.1-3.3.8 | Mar 17, 2019 | In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. |
- CVE-2019-10152Jul 30, 2019affected < 3.6.1-3.3.8fixed 3.6.1-3.3.8
A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator trie
- CVE-2018-15664May 23, 2019affected < 3.6.1-3.3.8fixed 3.6.1-3.3.8
In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do
- CVE-2019-6778Mar 17, 2019affected < 3.6.1-3.3.8fixed 3.6.1-3.3.8
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.