272 matches found
Buildah: Podman: improper input validation in bind-propagation option of Dockerfile RUN --mount instruction
...
CLSA-2025-1756932191 buildah: Fix of CVE-2024-9407
CVE-2024-9407: validate input for bind-propagation option in Dockerfile RUN --mount instruction to prevent arbitrary parameter passing and potential file modification...
Linux Distros Unpatched Vulnerability : CVE-2024-23652
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfi...
Linux Distros Unpatched Vulnerability : CVE-2024-23651
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in...
Contrast vulnerability allows arbitrary host data Injection into container VOLUME mount points
Background The VOLUME directive in Dockerfiles, or the config.volumes field in OCI image descriptors, indicates filesystem paths "where the process is likely to write data". While these paths have special semantics in Docker, they are only hints in the OCI spec and are not treated specially by...
TencentOS Server 4: podman (TSSA-2024:0683)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0683 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Alibaba Cloud Linux 3 : 0241: container-tools:rhel8 (ALINUX3-SA-2024:0241)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0241 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-9341: A flaw was found in Go. Whe...
DockF-Sec-Check - DockF-Sec-Check Helps To Make Your Dockerfile Commands More Secure
DockF-Sec-Check helps to make your Dockerfile commands more secure. Done: First-level security notification in the Dockerfile. TODO list: Correctly detect the Dockerfile. Second-level security notification in the Dockerfile. Security notification in Docker images. Private Repository Installation...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
Tomcat CVE-2025-24813 playground ===============================...
Linux Distros Unpatched Vulnerability : CVE-2024-9407
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this...
Linux Distros Unpatched Vulnerability : CVE-2023-25173
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up...
Astra Linux - vulnerability in golang-github-containers-buildah, libpod
A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories...
Important: Red Hat Security Advisory: buildah security update
An update for buildah is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
Important: Red Hat Security Advisory: buildah security update
An update for buildah is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
Malicious code in tree-sitter-dockerfile (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 345b2afbf518dc7083621e0f9fb5e7e8b109a319cc7aec619f17c7aa9b18deca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-12112 Malicious code in tree-sitter-dockerfile (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 345b2afbf518dc7083621e0f9fb5e7e8b109a319cc7aec619f17c7aa9b18deca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Moderate: Red Hat Security Advisory: buildah security update
An update for buildah is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
Buildah: Podman: Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction
A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories...
Security update for buildah
This update for buildah fixes the following issues: CVE-2024-9676: Fixed github.com/containers/storage: symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS) (bsc1231698): CVE-2024-9675: VUL-0: CVE-2024-9675: buildah,podman: buildah: cache arbitrary...
SUSE-SU-2024:3988-1 Security update for buildah
This update for buildah fixes the following issues: - CVE-2024-9676: Fixed github.com/containers/storage: symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS) (bsc1231698): - CVE-2024-9675: VUL-0: CVE-2024-9675: buildah,podman: buildah: cache arbitrary...