Количество 22
Количество 22
CVE-2024-9676
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.
CVE-2024-9676
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.
CVE-2024-9676
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.
CVE-2024-9676
CVE-2024-9676
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink tra ...
SUSE-SU-2024:3754-1
Security update for buildah
SUSE-SU-2024:3753-1
Security update for podman
ROS-20241029-15
Уязвимость buildah
ROS-20241029-14
Уязвимость cri-o
ROS-20241029-03
Уязвимость podman
GHSA-wq2p-5pc6-wpgf
A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host.
BDU:2024-09457
Уязвимость программного средства управления и запуска OCI-контейнеров Podman, связанная с неправильным ограничением имени пути к ограниченному каталогу, позволяющая нарушителю вызвать отказ в обслуживании
RLSA-2024:9051
Important: podman security update
RLSA-2024:10289
Moderate: container-tools:rhel8 security update
ELSA-2024-9051
ELSA-2024-9051: podman security update (IMPORTANT)
ELSA-2024-10289
ELSA-2024-10289: container-tools:ol8 security update (MODERATE)
SUSE-SU-2024:4303-1
Security update for buildah
SUSE-SU-2024:3988-1
Security update for buildah
SUSE-SU-2025:0267-1
Security update for podman
ELSA-2024-9459
ELSA-2024-9459: buildah security update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-9676 A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host. | CVSS3: 6.5 | 1% Низкий | около 1 года назад |
 | CVE-2024-9676 A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host. | CVSS3: 6.5 | 1% Низкий | около 1 года назад |
 | CVE-2024-9676 A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host. | CVSS3: 6.5 | 1% Низкий | около 1 года назад |
 | CVSS3: 6.5 | 1% Низкий | около 1 года назад | |
| CVE-2024-9676 A vulnerability was found in Podman, Buildah, and CRI-O. A symlink tra ... | CVSS3: 6.5 | 1% Низкий | около 1 года назад |
 | SUSE-SU-2024:3754-1 Security update for buildah | 1% Низкий | около 1 года назад | |
| SUSE-SU-2024:3753-1 Security update for podman | 1% Низкий | около 1 года назад | |
 | ROS-20241029-15 Уязвимость buildah | CVSS3: 6.5 | 1% Низкий | около 1 года назад |
| ROS-20241029-14 Уязвимость cri-o | CVSS3: 6.5 | 1% Низкий | около 1 года назад |
| ROS-20241029-03 Уязвимость podman | CVSS3: 6.5 | 1% Низкий | около 1 года назад |
| GHSA-wq2p-5pc6-wpgf A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host. | CVSS3: 6.5 | 1% Низкий | около 1 года назад |
 | BDU:2024-09457 Уязвимость программного средства управления и запуска OCI-контейнеров Podman, связанная с неправильным ограничением имени пути к ограниченному каталогу, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 6.5 | 1% Низкий | около 1 года назад |
 | RLSA-2024:9051 Important: podman security update | около 1 года назад | ||
| RLSA-2024:10289 Moderate: container-tools:rhel8 security update | 12 месяцев назад | ||
| ELSA-2024-9051 ELSA-2024-9051: podman security update (IMPORTANT) | около 1 года назад | ||
| ELSA-2024-10289 ELSA-2024-10289: container-tools:ol8 security update (MODERATE) | около 1 года назад | ||
| SUSE-SU-2024:4303-1 Security update for buildah | около 1 года назад | ||
| SUSE-SU-2024:3988-1 Security update for buildah | около 1 года назад | ||
| SUSE-SU-2025:0267-1 Security update for podman | 11 месяцев назад | ||
| ELSA-2024-9459 ELSA-2024-9459: buildah security update (IMPORTANT) | около 1 года назад |
Уязвимостей на страницу