Filtered by vendor Redhat Subscriptions
Filtered by product Rhel Extras Other Subscriptions
Total 61 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-21626 3 Fedoraproject, Linuxfoundation, Redhat 10 Fedora, Runc, Enterprise Linux and 7 more 2024-11-21 8.6 High
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.
CVE-2023-30861 2 Palletsprojects, Redhat 5 Flask, Openshift Ironic, Openstack and 2 more 2024-11-21 7.5 High
Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client's `session` cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met. 1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies. 2. The application sets `session.permanent = True` 3. The application does not access or modify the session at any point during a request. 4. `SESSION_REFRESH_EACH_REQUEST` enabled (the default). 5. The application does not set a `Cache-Control` header to indicate that a page is private or should not be cached. This happens because vulnerable versions of Flask only set the `Vary: Cookie` header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue has been fixed in versions 2.3.2 and 2.2.5.
CVE-2022-2739 2 Podman Project, Redhat 4 Podman, Enterprise Linux Server, Enterprise Linux Workstation and 1 more 2024-11-21 5.3 Medium
The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive information stored in environment variables.
CVE-2022-2738 2 Podman Project, Redhat 4 Podman, Enterprise Linux Server, Enterprise Linux Workstation and 1 more 2024-11-21 7.5 High
The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under certain conditions, during GPG signature verification.
CVE-2022-2132 4 Debian, Dpdk, Fedoraproject and 1 more 15 Debian Linux, Data Plane Development Kit, Fedora and 12 more 2024-11-21 8.6 High
A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.
CVE-2022-1227 4 Fedoraproject, Podman Project, Psgo Project and 1 more 19 Fedora, Podman, Psgo and 16 more 2024-11-21 8.8 High
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.
CVE-2021-30465 3 Fedoraproject, Linuxfoundation, Redhat 6 Fedora, Runc, Enterprise Linux and 3 more 2024-11-21 8.5 High
runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.
CVE-2021-20188 2 Podman Project, Redhat 5 Podman, Enterprise Linux, Openshift Container Platform and 2 more 2024-11-21 7.0 High
A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged container are not correctly checked. This flaw can be abused by a low-privileged user inside the container to access any other file in the container, even if owned by the root user inside the container. It does not allow to directly escape the container, though being a privileged container means that a lot of security features are disabled when running the container. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-8945 3 Fedoraproject, Gpgme Project, Redhat 12 Fedora, Gpgme, Enterprise Linux and 9 more 2024-11-21 7.5 High
The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification.
CVE-2020-8608 4 Debian, Libslirp Project, Opensuse and 1 more 11 Debian Linux, Libslirp, Leap and 8 more 2024-11-21 5.6 Medium
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
CVE-2020-7039 5 Debian, Libslirp Project, Opensuse and 2 more 12 Debian Linux, Libslirp, Leap and 9 more 2024-11-21 5.6 Medium
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.
CVE-2020-1702 2 Containers-image Project, Redhat 4 Containers-image, Enterprise Linux, Openshift and 1 more 2024-11-21 3.3 Low
A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container images, into crashing the process responsible for pulling the image. This flaw affects containers-image versions before 5.2.0.
CVE-2020-15112 3 Etcd, Fedoraproject, Redhat 5 Etcd, Fedora, Openshift and 2 more 2024-11-21 6.5 Medium
In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry.
CVE-2020-15106 3 Etcd, Fedoraproject, Redhat 5 Etcd, Fedora, Openshift and 2 more 2024-11-21 6.5 Medium
In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL.
CVE-2020-14370 3 Fedoraproject, Podman Project, Redhat 6 Fedora, Podman, Enterprise Linux and 3 more 2024-11-21 5.3 Medium
An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables.
CVE-2020-14300 2 Docker, Redhat 3 Docker, Enterprise Linux Server, Rhel Extras Other 2024-11-21 8.8 High
The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. One of the fixes regressed in that update was the fix for CVE-2016-9962, that was previously corrected in the docker packages in Red Hat Enterprise Linux 7 Extras via RHSA-2017:0116 (https://access.redhat.com/errata/RHSA-2017:0116). The CVE-2020-14300 was assigned to this security regression and it is specific to the docker packages produced by Red Hat. The original issue - CVE-2016-9962 - could possibly allow a process inside container to compromise a process entering container namespace and execute arbitrary code outside of the container. This could lead to compromise of the container host or other containers running on the same container host. This issue only affects a single version of Docker, 1.13.1-108.git4ef4b30, shipped in Red Hat Enterprise Linux 7. Both earlier and later versions are not affected.
CVE-2020-14298 2 Docker, Redhat 4 Docker, Enterprise Linux Server, Openshift Container Platform and 1 more 2024-11-21 8.8 High
The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. This issue could allow a malicious or compromised container to compromise the container host and other containers running on the same host. This issue only affects docker version 1.13.1-108.git4ef4b30.el7, shipped in Red Hat Enterprise Linux 7 Extras. Both earlier and later versions are not affected.
CVE-2020-14040 3 Fedoraproject, Golang, Redhat 16 Fedora, Text, 3scale Amp and 13 more 2024-11-21 7.5 High
The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.
CVE-2020-10749 3 Fedoraproject, Linuxfoundation, Redhat 7 Fedora, Cni Network Plugins, Container Native Virtualization and 4 more 2024-11-21 6 Medium
A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.
CVE-2020-10723 6 Canonical, Dpdk, Fedoraproject and 3 more 10 Ubuntu Linux, Data Plane Development Kit, Fedora and 7 more 2024-11-21 5.1 Medium
A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption.