235 matches found

CVE
added 2025/09/16 2:54 p.m. | 49 views

CVE-2025-4953

CVE-2025-4953 affects Podman builds using RUN --mount=type=bind; data written during build may persist and appear in the host build context, exposing created files. The issue is specific to Podman/bind-mount behavior. Remediation: upgrade Podman to a version where the fix is applied (e.g., Podma...

CVSS: 7.4 | AI score: 6.1 | EPSS: 0.00596
Exploits: 0 | References: 16
RedHat Linux
added 2025/09/16 5:56 a.m. | 14 views

podman: Build Context Bind Mount

A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files...

CVSS: 7.4 | AI score: 5.8 | EPSS: 0.00596
Exploits: 0 | References: 5
CNNVD
added 2025/09/16 12:0 a.m. | 4 views

Podman Security Vulnerability

Podman is an open source engine for developing, managing and running OCI containers on Linux systems. A security vulnerability exists in Podman that stems from RUN --mount=type=bind mounted data that is not discarded during a podman build, which could result in files created within the...

CVSS: 7.4 | AI score: 6.4 | EPSS: 0.00596
Exploits: 0 | References: 2
Positive Technologies
added 2025/09/16 12:0 a.m. | 3 views

PT-2025-38004

Name of the Vulnerable Software and Affected Versions: Podman (affected versions not specified). Description: A flaw exists in Podman where data written to RUN --mount=type=bind mounts during the podman build process is not discarded. This can result in files created within the container appearing in...

CVSS: 9.9 | AI score: 7.4 | EPSS: 0.10543
Exploits: 21 | References: 76
GithubExploit
added 2025/08/25 7:36 a.m. | 212 views

Exploit for CVE-2025-9074

CVE-2025-9074 – Docker Desktop Windows Container→Host Write...

CVSS: 9.3 | AI score: 6.6 | EPSS: 0.01594
Exploits: 15
SUSE Linux
added 2025/06/19 8:55 a.m. | 2 views

Security update for pam

This update for pam fixes the following issues: CVE-2025-6020: pam_namespace: convert functions that may operate on a user-controlled path to operate on file descriptors instead of absolute path. And keep the bind-mount protection from protect_mount as a defense in depth measure. (bsc#1244509) Patch...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.0039
Exploits: 0 | References: 4
OSV
added 2025/06/19 8:49 a.m. | 4 views

SUSE-SU-2025:20427-1 Security update for pam

This update for pam fixes the following issues: - CVE-2025-6020: pam_namespace: convert functions that may operate on a user-controlled path to operate on file descriptors instead of absolute path. And keep the bind-mount protection from protect_mount as a defense in depth measure. (bsc#1244509)...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.0039
Exploits: 0 | References: 3
SUSE Linux
added 2025/06/19 8:45 a.m. | 1 views

Security update for pam

This update for pam fixes the following issues: CVE-2025-6020: pam_namespace: convert functions that may operate on a user-controlled path to operate on file descriptors instead of absolute path. And keep the bind-mount protection from protect_mount as a defense in depth measure. (bsc#1244509) Patch...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.0039
Exploits: 0 | References: 4
AstraLinux
added 2025/06/16 11:28 a.m. | 3 views

Astra Linux – Vulnerability in libpod

A flaw was discovered in Podman. In a Containerfile or Podman, data written during the podman build using RUN --mount=type=bind is not discarded. This issue can cause files created within the container to appear in the temporary build context directory on the host, making the created files...

CVSS: 7.4 | AI score: 5.9 | EPSS: 0.00596
Exploits: 0 | References: 2
SUSE Linux
added 2025/04/22 1:50 p.m. | 4 views

Security update for podman

This update for podman fixes the following issues: CVE-2023-45288: Fixed closing connection when receiving too many headers (bsc#1236507). CVE-2024-11218: Fixed container breakout by using --jobs=2 and a race condition when building a malicious Containerfile (bsc#1236270). CVE-2025-22869: Fixed Denial ...

CVSS: 8.7 | AI score: 7.1 | EPSS: 0.91969
Exploits: 1 | References: 28
SUSE Linux
added 2025/01/30 2:50 p.m. | 3 views

Security update for buildah

This update for buildah fixes the following issues: Update to version 1.35.5. CVE-2024-11218: Fix TOCTOU error when bind and cache mounts use "src" values. (bsc#1236272) Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper...

CVSS: 8.7 | AI score: 7.7 | EPSS: 0.00358
Exploits: 0 | References: 4
AstraLinux
added 2024/11/23 3:4 a.m. | 8 views

Astra Linux – Vulnerability in Flatpak

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app that used persistent directories could access and write files outside of its usual access rights, which constituted an attack on integrity and...

CVSS: 10 | AI score: 7 | EPSS: 0.01283
Exploits: 1 | References: 3
RedHat Linux
added 2024/11/06 2:57 p.m. | 1 views

podman: Build Context Bind Mount

A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files...

CVSS: 7.4 | AI score: 5.8 | EPSS: 0.00596
Exploits: 0 | References: 5
CVE
added 2024/08/15 6:32 p.m. | 253 views

CVE-2024-42472

CVE-2024-42472 affects Flatpak before 1.14.0/1.15.10 and allows a malicious or compromised Flatpak app using persistent directories to access or write files outside the sandbox. The root cause is a symlink-following issue when mounting persistent (persist) directories, causing the bind mount to f...

CVSS: 10 | AI score: 9.3 | EPSS: 0.01283
Exploits: 1 | References: 11 | Affected Software: 1
AlpineLinux
added 2024/08/15 6:32 p.m. | 24 views

CVE-2024-42472

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and...

CVSS: 10 | AI score: 6.5 | EPSS: 0.01283
Exploits: 1
SUSE CVE
added 2023/02/15 5:27 a.m. | 2 views

SUSE CVE-2014-5206

The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a "mount -o remount"...

CVSS: 7.2 | AI score: 6.5 | EPSS: 0.00368
Exploits: 0 | References: 4
SUSE CVE
added 2023/02/15 5:27 a.m. | 4 views

SUSE CVE-2014-5207

fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, ...

CVSS: 6.2 | AI score: 6.6 | EPSS: 0.00888
Exploits: 6 | References: 4
SUSE CVE
added 2023/02/15 5:21 a.m. | 3 views

SUSE CVE-2015-1335

lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source...

CVSS: 7.2 | AI score: 6.6 | EPSS: 0.00459
Exploits: 0 | References: 5
SUSE CVE
added 2023/02/15 5:20 a.m. | 2 views

SUSE CVE-2015-2925

The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack."...

CVSS: 6.9 | AI score: 6.3 | EPSS: 0.01246
Exploits: 0 | References: 19
OSV
added 2022/07/15 11:8 p.m. | 36 views

GO-2022-0274 Namespace restriction bypass in github.com/opencontainers/runc

An attacker with partial control over the bind mount sources of a new container can bypass namespace restrictions...

CVSS: 6 | AI score: 5.6 | EPSS: 0.01663
Exploits: 1 | References: 3