Search for packages
| purl | pkg:rpm/redhat/podman@1.9.3-3.rhaos4.6?arch=el8 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-ckg3-5czq-t7ek
Aliases: CVE-2020-14370 GHSA-c3wv-qmjj-45r6 |
Information disclosure in podman An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables. | There are no reported fixed by versions. |
|
VCID-dwge-3up7-yyaq
Aliases: CVE-2020-16845 GHSA-q6gq-997w-f55g |
Withdrawn Advisory: Infinite loop in xz ### Withdrawn Advisory This advisory has been withdrawn because alerts cannot be issued for the Go standard library at this time. ### Original Description Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs. | There are no reported fixed by versions. |
|
VCID-n82z-sfd6-x3af
Aliases: CVE-2020-14040 GHSA-5rcv-m4m3-hfh7 |
golang.org/x/text Infinite loop Go version v0.3.3 of the x/text package fixes a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String. ### Specific Go Packages Affected golang.org/x/text/encoding/unicode golang.org/x/text/transform | There are no reported fixed by versions. |
|
VCID-w9qm-pwnh-4ydj
Aliases: CVE-2020-15586 |
golang: data race in certain net/http servers including ReverseProxy can lead to DoS | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:06:08.539234+00:00 | RedHat Importer | Affected by | VCID-n82z-sfd6-x3af | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14040.json | 38.0.0 |
| 2026-04-01T14:05:49.966440+00:00 | RedHat Importer | Affected by | VCID-w9qm-pwnh-4ydj | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15586.json | 38.0.0 |
| 2026-04-01T14:05:14.445007+00:00 | RedHat Importer | Affected by | VCID-dwge-3up7-yyaq | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-16845.json | 38.0.0 |
| 2026-04-01T14:04:25.684111+00:00 | RedHat Importer | Affected by | VCID-ckg3-5czq-t7ek | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14370.json | 38.0.0 |