CVE-2019-25067
- EPSS 2.32%
- Veröffentlicht 09.06.2022 17:15:08
- Zuletzt bearbeitet 21.11.2024 04:39:52
A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation leads to Remote Privilege Escalation. It is possible to initiate the attack remotely. The ex...
CVE-2022-1227
- EPSS 4.24%
- Veröffentlicht 29.04.2022 16:15:08
- Zuletzt bearbeitet 21.11.2024 06:40:17
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' co...
CVE-2022-27649
- EPSS 1.44%
- Veröffentlicht 04.04.2022 20:15:10
- Zuletzt bearbeitet 21.11.2024 06:56:05
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabiliti...
CVE-2021-4024
- EPSS 1.06%
- Veröffentlicht 23.12.2021 20:15:12
- Zuletzt bearbeitet 21.11.2024 06:36:44
A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses o...
- EPSS 0.26%
- Veröffentlicht 11.02.2021 18:15:16
- Zuletzt bearbeitet 21.11.2024 05:46:05
A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container,...
CVE-2021-20199
- EPSS 1.11%
- Veröffentlicht 02.02.2021 19:15:14
- Zuletzt bearbeitet 21.11.2024 05:46:07
Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentica...
CVE-2020-14370
- EPSS 1.4%
- Veröffentlicht 23.09.2020 13:15:15
- Zuletzt bearbeitet 21.11.2024 05:03:06
An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variable...