VYPR

rpm package

suse/podman&distro=SUSE Linux Enterprise Module for Containers 15 SP4

pkg:rpm/suse/podman&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP4

Vulnerabilities (10)

  • CVE-2023-0778 (Mar 27, 2023)
    affected < 4.4.4-150400.4.16.1; fixed 4.4.4-150400.4.16.1

    A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.

  • CVE-2022-2989 (Sep 13, 2022)
    affected < 3.4.7-150400.4.6.1; fixed 3.4.7-150400.4.6.1

    Incorrect handling of supplementary groups in the Podman container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissio

  • CVE-2022-1227 (Apr 29, 2022)
    affected < 3.4.7-150400.4.3.1; fixed 3.4.7-150400.4.3.1

    A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the a

  • CVE-2022-27649 (Apr 4, 2022)
    affected < 4.3.1-150400.4.11.1; fixed 4.3.1-150400.4.11.1

    A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attack

  • CVE-2022-27191 (Mar 18, 2022)
    affected < 3.4.7-150400.4.3.1; fixed 3.4.7-150400.4.3.1

    The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.

  • CVE-2022-21698 (Feb 15, 2022)
    affected < 3.4.7-150400.4.3.1; fixed 3.4.7-150400.4.3.1

    client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounde

  • CVE-2021-4024 (Dec 23, 2021)
    affected < 4.3.1-150400.4.11.1; fixed 4.3.1-150400.4.11.1

    A flaw was found in podman. The `podman machine` function (used to create and manage a Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is op

  • CVE-2021-41190 (Nov 17, 2021)
    affected < 4.3.1-150400.4.11.1; fixed 4.3.1-150400.4.11.1

    The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operat

  • CVE-2021-20206 (Mar 26, 2021)
    affected < 4.3.1-150400.4.11.1; fixed 4.3.1-150400.4.11.1

    An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsew

  • CVE-2021-20199 (Feb 2, 2021)
    affected < 4.3.1-150400.4.11.1; fixed 4.3.1-150400.4.11.1

    Rootless containers run with Podman receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.0.1) connections by default and do not require authentication. This issue affects Podma