VYPR

rpm package

suse/podman&distro=SUSE Linux Enterprise Module for Containers 15 SP1

pkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP1

Vulnerabilities (7)

  • CVE-2020-14370Sep 23, 2020
    affected < 2.1.1-4.28.1fixed 2.1.1-4.28.1

    An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container wil

  • CVE-2020-1726Feb 11, 2020
    affected < 2.0.6-4.25.1fixed 2.0.6-4.25.1

    A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used

  • CVE-2019-10214Nov 25, 2019
    affected < 1.4.4-4.11.1fixed 1.4.4-4.11.1

    The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulne

  • CVE-2019-18466Oct 28, 2019
    affected < 1.8.0-4.14.1fixed 1.8.0-4.14.1

    An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that,

  • CVE-2019-10152Jul 30, 2019
    affected < 1.4.4-4.8.1fixed 1.4.4-4.8.1

    A path traversal vulnerability has been discovered in podman before version 1.4.0 in the way it handles symlinks inside containers. An attacker who has compromised an existing container can cause arbitrary files on the host filesystem to be read/written when an administrator trie

  • CVE-2018-15664May 23, 2019
    affected < 1.4.4-4.8.1fixed 1.4.4-4.8.1

    In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do

  • CVE-2019-6778Mar 17, 2019
    affected < 1.4.4-4.8.1fixed 1.4.4-4.8.1

    In QEMU 3.0.0, tcp_emu in slirp/tcp_subr.c has a heap-based buffer overflow.