Vulnerabilities > Podman Project

DATE CVE VULNERABILITY TITLE RISK
2024-08-02 CVE-2024-3056 Resource Exhaustion vulnerability in multiple products
A flaw was found in Podman.
network
high complexity
podman-project redhat fedoraproject CWE-400
7.7
2023-03-27 CVE-2023-0778 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
A Time-of-check Time-of-use (TOCTOU) flaw was found in podman.
network
high complexity
podman-project redhat CWE-367
6.8
2022-12-08 CVE-2022-4122 Link Following vulnerability in multiple products
A vulnerability was found in buildah.
network
low complexity
podman-project fedoraproject CWE-59
5.3
2022-12-08 CVE-2022-4123 Path Traversal vulnerability in multiple products
A flaw was found in Buildah.
local
low complexity
podman-project fedoraproject CWE-22
3.3
2022-09-13 CVE-2022-2989 Placement of User into Incorrect Group vulnerability in multiple products
An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.
local
low complexity
podman-project redhat CWE-842
7.1
2022-09-01 CVE-2022-2738 Use After Free vulnerability in multiple products
The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117.
network
high complexity
redhat podman-project CWE-416
7.5
2022-09-01 CVE-2022-2739 Cleartext Storage of Sensitive Information vulnerability in multiple products
The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056.
network
high complexity
redhat podman-project CWE-312
5.3
2022-06-09 CVE-2019-25067 A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1.
network
low complexity
podman-project varlink
8.8
2022-04-29 CVE-2022-1227 Improper Privilege Management vulnerability in multiple products
A privilege escalation flaw was found in Podman.
8.8
2022-04-04 CVE-2022-27649 Incorrect Default Permissions vulnerability in multiple products
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions.
network
high complexity
podman-project redhat fedoraproject CWE-276
7.5