146 matches found
GHSA-RJCG-56PH-3QVG vulnerabilities
Vulnerabilities for packages: kpt, cilium, xeol-fips, nvidia-nsight-compute-12.9, prometheus-elasticsearch-exporter, blob-csi, configmap-reload-fips, runc, kubernetes-dashboard-auth-fips, velero-plugin-for-csi-fips, restic, kube-bench, gostatsd, sriov-network-device-plugin, vexctl, conftest-fips,...
CVE-2025-58189 vulnerabilities
Vulnerabilities for packages: kpt, cilium, xeol-fips, nvidia-nsight-compute-12.9, prometheus-elasticsearch-exporter, blob-csi, configmap-reload-fips, runc, kubernetes-dashboard-auth-fips, velero-plugin-for-csi-fips, restic, kube-bench, gostatsd, sriov-network-device-plugin, vexctl, conftest-fips,...
CVE-2025-61724 vulnerabilities
Vulnerabilities for packages: kpt, cilium, xeol-fips, nvidia-nsight-compute-12.9, prometheus-elasticsearch-exporter, blob-csi, configmap-reload-fips, runc, kubernetes-dashboard-auth-fips, velero-plugin-for-csi-fips, restic, kube-bench, gostatsd, sriov-network-device-plugin, vexctl, conftest-fips,...
GHSA-CXQ7-XW9V-RCV3 vulnerabilities
Vulnerabilities for packages: kpt, cilium, xeol-fips, nvidia-nsight-compute-12.9, prometheus-elasticsearch-exporter, blob-csi, configmap-reload-fips, runc, kubernetes-dashboard-auth-fips, velero-plugin-for-csi-fips, restic, kube-bench, gostatsd, sriov-network-device-plugin, vexctl, conftest-fips,...
GHSA-9GCR-GP5F-JW27 vulnerabilities
Vulnerabilities for packages: kpt, cilium, xeol-fips, nvidia-nsight-compute-12.9, prometheus-elasticsearch-exporter, blob-csi, configmap-reload-fips, runc, kubernetes-dashboard-auth-fips, velero-plugin-for-csi-fips, restic, kube-bench, gostatsd, sriov-network-device-plugin, vexctl, conftest-fips,...
Astra Linux – Vulnerability in libpod
There is a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file is stored in a Secret or a ConfigMap volume, and such volumes contain symbolic links to host file paths. In a successful attack, the attacker can control only the target...
podman: Podman kube play command may overwrite host files
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...
EUVD-2024-1950
Malicious code in bioql PyPI...
EUVD-2025-27030
Malicious code in bioql PyPI...
CLSA-2025-1759505734 podman: Fix of CVE-2025-9566
CVE-2025-9566: fix kube play vulnerability that allows following volume symlinks onto the host filesystem. Prevent symlink-based host escapes in ConfigMap and Secret volumes...
podman: Podman kube play command may overwrite host files
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...
podman: Podman kube play command may overwrite host files
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...
podman: Podman kube play command may overwrite host files
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...
podman: Podman kube play command may overwrite host files
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...
GHSA-GWRF-JF3H-W649 vulnerabilities
Vulnerabilities for packages: kubernetes-dashboard-fips, nvidia-nsight-compute-12.9, karpenter, secrets-store-csi-driver-provider-aws-fips, k8sgpt-operator, configmap-reload-fips, mattmoor-chainit, git-lfs, sftpgo-plugin-geoipfilter, falco, blobfuse2, gostatsd, vexctl, openbao-k8s-fips,...
podman: Podman kube play command may overwrite host files
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...
podman: Podman kube play command may overwrite host files
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...
podman: Podman kube play command may overwrite host files
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...
podman: Podman kube play command may overwrite host files
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...
Directory Traversal
github.com/containers/podman is vulnerable to Directory Traversal.The vulnerability is due to a lack of symlink canonicalization and host-path validation; this allows an attacker who supplies a malicious Kubernetes YAML to cause podman to write the ConfigMap/Secret data contents are defined by th...