rpm package
suse/libcontainers-common&distro=SUSE Linux Enterprise Server 15 SP1-LTSS
pkg:rpm/suse/libcontainers-common&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3602 | — | < 20210626-150100.3.15.1 | 20210626-150100.3.15.1 | Mar 3, 2022 | An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD en | ||
| CVE-2021-20291 | — | < 20210626-150100.3.15.1 | 20210626-150100.3.15.1 | Apr 1, 2021 | A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation wh | ||
| CVE-2021-20199 | — | < 20210626-150100.3.15.1 | 20210626-150100.3.15.1 | Feb 2, 2021 | Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podma | ||
| CVE-2020-15157 | — | < 20210626-150100.3.15.1 | 20210626-150100.3.15.1 | Oct 16, 2020 | In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise | ||
| CVE-2020-14370 | — | < 20210626-150100.3.15.1 | 20210626-150100.3.15.1 | Sep 23, 2020 | An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container wil |
- CVE-2021-3602Mar 3, 2022affected < 20210626-150100.3.15.1fixed 20210626-150100.3.15.1
An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD en
- CVE-2021-20291Apr 1, 2021affected < 20210626-150100.3.15.1fixed 20210626-150100.3.15.1
A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation wh
- CVE-2021-20199Feb 2, 2021affected < 20210626-150100.3.15.1fixed 20210626-150100.3.15.1
Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podma
- CVE-2020-15157Oct 16, 2020affected < 20210626-150100.3.15.1fixed 20210626-150100.3.15.1
In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise
- CVE-2020-14370Sep 23, 2020affected < 20210626-150100.3.15.1fixed 20210626-150100.3.15.1
An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container wil