| 漏洞编号 | 漏洞公告(公告内会包含同一软件多个漏洞 CVE) |
| CVE-2022-27191 | Golong golang.org/x/crypto/ssh拒绝服务漏洞(CVE-2022-27191) |
| CVE-2022-2989 | Podman 安全漏洞(CVE-2022-2989) |
| CVE-2022-3064 | Go-Yaml 安全漏洞 |
| CVE-2022-41723 | Google golang 拒绝服务漏洞(CVE-2022-41723) |
| CVE-2022-41724 | Google Go 拒绝服务漏洞(CVE-2022-41724) |
| CVE-2022-41725 | multipart 拒绝服务漏洞(CVE-2022-41725) |
| CVE-2023-24534 | Google Golang 安全漏洞 |
| CVE-2023-24536 | Google Golang 安全漏洞 |
| CVE-2023-24537 | Google Golang 安全漏洞 |
| CVE-2023-24538 | Go html/template 存在存储型XSS漏洞 |
| CVE-2023-24539 | Golang Go 跨站脚本漏洞(CVE-2023-24539) |
| CVE-2023-24540 | Golang Go 跨站脚本漏洞(CVE-2023-24540) |
| CVE-2023-25173 | containerd容器内文件权限机制实现不当 |
| CVE-2023-25809 | runc 权限管理不当 |
| CVE-2023-27561 | opencontainers/runc 权限提升漏洞(CVE-2023-27561) |
| CVE-2023-28642 | Runc 权限提升漏洞(CVE-2023-28642) |
| CVE-2023-29400 | Golang Go 跨站脚本漏洞(CVE-2023-29400) |
| CVE-2023-29406 | net/http 中的主机标头清理不充分 (CVE-2023-29406) |
| CVE-2023-3978 | golang networkingXSS漏洞(CVE-2023-3978) |
| CVE-2024-21626 | runc 文件描述符泄漏漏洞(CVE-2024-21626) |
An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.
【】-
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments
-