rpm package
suse/podman&distro=SUSE Linux Enterprise Module for Containers 15 SP1
pkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP1
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-14370 | — | < 2.1.1-4.28.1 | 2.1.1-4.28.1 | Sep 23, 2020 | An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container wil | ||
| CVE-2020-1726 | — | < 2.0.6-4.25.1 | 2.0.6-4.25.1 | Feb 11, 2020 | A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used | ||
| CVE-2019-10214 | — | < 1.4.4-4.11.1 | 1.4.4-4.11.1 | Nov 25, 2019 | The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulne | ||
| CVE-2019-18466 | — | < 1.8.0-4.14.1 | 1.8.0-4.14.1 | Oct 28, 2019 | An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, | ||
| CVE-2019-10152 | — | < 1.4.4-4.8.1 | 1.4.4-4.8.1 | Jul 30, 2019 | A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator trie | ||
| CVE-2018-15664 | — | < 1.4.4-4.8.1 | 1.4.4-4.8.1 | May 23, 2019 | In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do | ||
| CVE-2019-6778 | — | < 1.4.4-4.8.1 | 1.4.4-4.8.1 | Mar 17, 2019 | In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow. |
- CVE-2020-14370Sep 23, 2020affected < 2.1.1-4.28.1fixed 2.1.1-4.28.1
An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container wil
- CVE-2020-1726Feb 11, 2020affected < 2.0.6-4.25.1fixed 2.0.6-4.25.1
A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used
- CVE-2019-10214Nov 25, 2019affected < 1.4.4-4.11.1fixed 1.4.4-4.11.1
The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulne
- CVE-2019-18466Oct 28, 2019affected < 1.8.0-4.14.1fixed 1.8.0-4.14.1
An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that,
- CVE-2019-10152Jul 30, 2019affected < 1.4.4-4.8.1fixed 1.4.4-4.8.1
A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator trie
- CVE-2018-15664May 23, 2019affected < 1.4.4-4.8.1fixed 1.4.4-4.8.1
In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do
- CVE-2019-6778Mar 17, 2019affected < 1.4.4-4.8.1fixed 1.4.4-4.8.1
In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.