Local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting (CVE-2022-4415) References: - https://bugs.mageia.org/show_bug.cgi?id=31305
Improper path allowed when extracting archive (CVE-2022-37865). Possible path traversal in download path (CVE-2022-37866). References: - https://bugs.mageia.org/show_bug.cgi?id=31075
An information disclosure flaw was found in Buildah (CVE-2021-3602). Podman allows forwarding host ports to the VM from within the VM (CVE-2021-4024). containernetworking/cni allows the use of "../" separators to reference binaries such as 'reboot' in network configuration (CVE-2021-20206). github.com/containers/storage: DDoS via crafted tar file (CVE-2021-20291).
A bug was discovered in versions older than 0.8.6 that is believed to be exploitable by malicious server admins to crash clients or, if they defeat mitigations, execute arbitrary code. No working exploit code is known to exist at this time. See the referenced release notes for other changes.
A remote unauthenticated attacker may redirect a user to an arbitrary web site and conduct a phishing attack by having the user access a specially crafted URL. (CVE-2023-28370) References:
An out-of-bounds (OOB) read and an integer overflow triggered by an attacker may lead to a crash, high memory consumption or even more serious consequences. (CVE-2023-32307) References: