rpm package
suse/podman&distro=SUSE Linux Enterprise Server 15 SP3-LTSS
pkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-27649 | — | < 4.3.1-150300.9.15.1 | 4.3.1-150300.9.15.1 | Apr 4, 2022 | A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attack | ||
| CVE-2021-4024 | — | < 4.3.1-150300.9.15.1 | 4.3.1-150300.9.15.1 | Dec 23, 2021 | A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is op | ||
| CVE-2021-41190 | — | < 4.3.1-150300.9.15.1 | 4.3.1-150300.9.15.1 | Nov 17, 2021 | The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operat | ||
| CVE-2021-20206 | — | < 4.3.1-150300.9.15.1 | 4.3.1-150300.9.15.1 | Mar 26, 2021 | An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsew | ||
| CVE-2021-20199 | — | < 4.3.1-150300.9.15.1 | 4.3.1-150300.9.15.1 | Feb 2, 2021 | Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podma |
- CVE-2022-27649Apr 4, 2022affected < 4.3.1-150300.9.15.1fixed 4.3.1-150300.9.15.1
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attack
- CVE-2021-4024Dec 23, 2021affected < 4.3.1-150300.9.15.1fixed 4.3.1-150300.9.15.1
A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is op
- CVE-2021-41190Nov 17, 2021affected < 4.3.1-150300.9.15.1fixed 4.3.1-150300.9.15.1
The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operat
- CVE-2021-20206Mar 26, 2021affected < 4.3.1-150300.9.15.1fixed 4.3.1-150300.9.15.1
An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsew
- CVE-2021-20199Feb 2, 2021affected < 4.3.1-150300.9.15.1fixed 4.3.1-150300.9.15.1
Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podma
Page 2 of 2