CVE-2026-33744

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the docker.systempackages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since...

EUVD-2021-1126

Malware in sbrugna...

Podman Creates Temporary File with Insecure Permissions

A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files...

Security update for podman

This update for podman fixes the following issues: CVE-2023-45288: Fixed closing connection when receiving too many headers bsc1236507. CVE-2024-11218: Fixed container breakout by using --jobs=2 and a race condition when building a malicious Containerfile bsc1236270. CVE-2025-22869: Fixed Denial ...

Cachi2 安全漏洞

Cachi2 is an open source CLI tool from containerbuildsystem. A security vulnerability exists in Cachi2 versions prior to 0.14.0, which stems from the fact that the tool logs each function's local variables when an unhandled exception is triggered, potentially leading to the display of secret...

podman: Build Context Bind Mount

A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files...

Unbreakable Enterprise kernel-container security update

5.4.17-2136.336.5.1 - vhost/scsi: null-ptr-dereference in vhostscsigetreq Haoran Zhang Orabug: 37138988 5.4.17-2136.336.5 - uek-rpm: Add skxedaccommon.ko to nanomodules Sherry Yang Orabug: 37030127 - EDAC, i10nm: make skxcommon.o a separate module Arnd Bergmann Orabug: 37030127 - uek-rpm:...

Unbreakable Enterprise kernel security update

5.4.17-2136.336.5.1 - vhost/scsi: null-ptr-dereference in vhostscsigetreq Haoran Zhang Orabug: 37138988 5.4.17-2136.336.5 - uek-rpm: Add skxedaccommon.ko to nanomodules Sherry Yang Orabug: 37030127 - EDAC, i10nm: make skxcommon.o a separate module Arnd Bergmann Orabug: 37030127 - uek-rpm:...

GO-2022-1107 Container build can leak any path on the host into the container in github.com/docker/docker

Container build can leak any path on the host into the container in github.com/docker/docker...

An information disclosure flaw was found in Buildah when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials).

...

Container build can leak any path on the host into the container

Description Moby is the open source Linux container runtime and set of components used to build a variety of downstream container runtimes, including Docker CE, Mirantis Container Runtime formerly Docker EE, and Docker Desktop. Moby allows for building container images using a set of build...

Buildah 信息泄露漏洞

Buildah is a tool that supports building OCI container images. Buildah suffers from a security vulnerability that stems from the fact that processes running in a container build e.g., the Dockerfile RUN command have access to the environment variables of both the parent and grandfather processes...

Design/Logic Flaw

Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039...

CVE-2020-25040

Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039...

CVE-2020-25040

CVE-2020-25040 affects Sylabs Singularity prior to 3.6.3, with insecure permissions on temporary directories during container build operations, enabling a logged-in user to read image contents and potentially inject content if world-writable files exist. Public advisories (openSUSE/SLE updates) s...

UBUNTU-CVE-2014-9356

Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an 1 image or 2 build in a Dockerfile...

Fedora 27 : fedpkg / rpkg (2017-9cac2b8b4a)

Update - Fixed chain-build - Remove hard dependency of bash-completion from fedpkg rpkg - Ignore TestModulesCli if openidc-client is unavailable cqi - Port mbs-build to rpkg mprahl - Add .vscode to .gitignore mprahl - Fix TestPatch.testrediff in order to run with old version of mock cqi - Allow t...

Privilege escalation when changing root password in sti builder image

A flaw was found in the building of containers within OpenShift Enterprise. An attacker could submit an image for building that executes commands within the container as root, allowing them to potentially escalate privileges...