Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
podman project podman vulnerabilities and exploits
(subscribe to this query)
3.3
CVSSv3
CVE-2022-4123
A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.
Podman Project Podman 4.2.1
Podman Project Podman 4.1.1
Podman Project Podman 4.2.0
Podman Project Podman 4.1.0
Podman Project Podman 4.3.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
5.9
CVSSv3
CVE-2021-20199
Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podma...
Podman Project Podman
8.8
CVSSv3
CVE-2019-25067
A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation leads to Remote Privilege Escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to th...
Podman Project Podman 1.5.1
Varlink Varlink 1.5.1
6.8
CVSSv3
CVE-2023-0778
A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.
Podman Project Podman -
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
5.3
CVSSv3
CVE-2022-4122
A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.
Podman Project Podman 4.3.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
6.5
CVSSv3
CVE-2021-4024
A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is op...
Podman Project Podman
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Redhat Enterprise Linux 8.0
7
CVSSv3
CVE-2021-20188
A flaw was found in podman prior to 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root u...
Podman Project Podman
Redhat Openshift Container Platform 3.11
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
5.3
CVSSv3
CVE-2022-2739
The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an malicious user to gain...
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Podman Project Podman 1.6.4-32.el7 9
7.5
CVSSv3
CVE-2022-2738
The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potent...
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Podman Project Podman 1.6.4-32.el7 9
7.1
CVSSv3
CVE-2022-2989
An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissio...
Podman Project Podman
Redhat Enterprise Linux 7.0
Redhat Openshift Container Platform 3.11
Redhat Enterprise Linux 8.0
Redhat Openshift Container Platform 4.0
Redhat Enterprise Linux 9.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
firmware
CVE-2006-4304
CVE-2024-32878
CVE-2024-31502
XSS
CVE-2024-3059
CVE-2024-33692
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »