| purl | pkg:rpm/redhat/podman@2:4.2.0-3?arch=el9 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-1n1h-e2p4-9yhs Aliases: CVE-2022-27191 GHSA-8c26-wmh5-6g9v | golang.org/x/crypto/ssh Denial of service via crafted Signer: The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. | There are no reported fixed by versions. |
| VCID-83z3-5q22-wycr Aliases: CVE-2021-20199 GHSA-grh6-q6m2-rh72 | Podman Origin Validation Error: Rootless containers run with Podman receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.0.1) connections by default and do not require authentication. This issue affects Podman versions from 1.8.0 to 3.0.0. | There are no reported fixed by versions. |
| VCID-ayxa-s9j4-k7hd Aliases: CVE-2021-34558 | Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. | There are no reported fixed by versions. |
| VCID-hvfd-h9rm-jkbw Aliases: CVE-2020-28852 | golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag | There are no reported fixed by versions. |
| VCID-mzjw-b6mh-nugs Aliases: CVE-2021-4024 GHSA-3cf2-x423-x582 | Exposure of Sensitive Information to an Unauthorized Actor and Origin Validation Error in podman: A flaw was found in podman. The `podman machine` function (used to create and manage a Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could also be used to interrupt the host's services by forwarding all ports to the VM. | There are no reported fixed by versions. |
| VCID-pqs8-s3dm-7ff2 Aliases: CVE-2021-20291 GHSA-7qw8-847f-pggm | Improper Locking in github.com/containers/storage: A deadlock vulnerability was found in `github.com/containers/storage` in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive, this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS). | There are no reported fixed by versions. |
| VCID-r52s-2crw-tfbx Aliases: CVE-2020-28851 | golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension | There are no reported fixed by versions. |
| VCID-z1ct-cecz-mqer Aliases: CVE-2021-33197 | Multiple vulnerabilities have been found in Go, the worst of which could result in remote code execution. | There are no reported fixed by versions. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |