Redhat » Enterprise Linux Server : Security Vulnerabilities, CVEs, Published In 2022 (Denial of service)
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.
Max CVSS
8.8
EPSS Score
0.29%
Published
2022-04-29
Updated
2022-07-23
Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_sector_size variables. These are used to derive other fields like 'sectors_per_block' etc. A user able to alter the Qemu disk image could ise this flaw to crash the Qemu instance resulting in DoS.
Max CVSS
5.5
EPSS Score
0.05%
Published
2022-09-29
Updated
2023-02-13
2 vulnerabilities found