Lucene search
GoogleOSV:SUSE-SU-2024:2050-2HistoryJul 15, 2024 - 5:48 a.m.
Security update for podman
2024-07-1505:48:24
Google
osv.dev
2
podman
security update
cve-2024-3727
cve-2024-24786
version 4.9.5
CVSS3
8.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
AI Score
6.8
Confidence
Low
EPSS
0.001
Percentile
17.8%
This update for podman fixes the following issues:
- Update to version 4.9.5
- CVE-2024-3727: Fixed a flaw that allowed attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. (bsc#1224122)
- CVE-2024-24786: Fixed an infinite loop in protojson. (bsc#1226136)
Related
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:2050-1)
2024-06-19 00:00:00
openSUSE: Security Advisory for podman (SUSE-SU-2024:2050-1)
2024-06-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2024:2050-2)
2024-07-16 00:00:00
nessus
nessus
SUSE SLES15 / openSUSE 15 Security Update : podman (SUSE-SU-2024:2031-1)
2024-06-15 00:00:00
SUSE SLES15 Security Update : podman (SUSE-SU-2024:2090-1)
2024-06-20 00:00:00
SUSE SLES15 Security Update : podman (SUSE-SU-2024:2050-1)
2024-06-19 00:00:00
osv
osv
Security update for podman
2024-06-14 11:06:24
Security update for podman
2024-07-15 05:48:24
Security update for podman
2024-06-19 10:38:55
redhatcve
redhatcve
CVE-2024-3727
2024-05-09 14:55:55
CVE-2024-24786
2024-03-06 07:12:54
cve
cve
CVE-2024-3727
2024-05-14 15:42:07
CVE-2024-24786
2024-03-05 23:15:07
alpinelinux
alpinelinux
CVE-2024-3727
2024-05-14 15:42:07
fedora
fedora
[SECURITY] Fedora 40 Update: podman-5.0.3-1.fc40
2024-05-17 01:09:09
[SECURITY] Fedora 39 Update: prometheus-podman-exporter-1.12.0-1.fc39
2024-06-11 01:59:07
[SECURITY] Fedora 39 Update: buildah-1.35.4-1.fc39
2024-05-19 02:46:24
vulnrichment
vulnrichment
CVE-2024-3727 Containers/image: digest type does not guarantee valid type
2024-05-09 14:57:21
cbl_mariner
cbl_mariner
CVE-2024-3727 affecting package containerized-data-importer for versions less than 1.57.0-2
2024-07-02 23:30:04
CVE-2024-3727 affecting package containerized-data-importer for versions less than 1.55.0-19
2024-07-10 19:52:59
CVE-2024-3727 affecting package cri-o for versions less than 1.22.3-4
2024-07-10 19:52:59
wolfi
wolfi
CVE-2024-3727 vulnerabilities
2024-09-27 09:13:12
redos
redos
ROS-20240711-02
2024-07-11 00:00:00
ROS-20240729-16
2024-07-29 00:00:00
ROS-20240719-01
2024-07-19 00:00:00
ubuntucve
ubuntucve
CVE-2024-3727
2024-05-14 00:00:00
debiancve
debiancve
CVE-2024-3727
2024-05-14 15:42:07
veracode
veracode
Improper Digest Validation
2024-05-15 08:41:06
cvelist
cvelist
CVE-2024-3727 Containers/image: digest type does not guarantee valid type
2024-05-09 14:57:21
redhat
redhat
github
github
nvd
nvd
CVE-2024-3727
2024-05-14 15:42:07
almalinux
almalinux
Moderate: buildah bug fix update
2024-04-30 00:00:00
CVSS3
8.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
AI Score
6.8
Confidence
Low
EPSS
0.001
Percentile
17.8%
Related for OSV:SUSE-SU-2024:2050-2