Improper Isolation or Compartmentalization

Overview boxlite is a Python bindings for Boxlite runtime Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the mounting of host directories in read-only mode into VM. An attacker can gain unauthorized write access to the host filesystem by remounti...

CVE-2025-62878 Local Path Provisioner vulnerable to Path Traversal via parameters.pathPattern

A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories...

Buildah: Podman: Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction

A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories...

buildah: Buildah allows arbitrary directory mount

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a RUN instruction in a Container file to mount an arbitrary directory from the host read/write into the container as long as those files can...

AZL-50058 CVE-2024-9341 affecting package cri-o 1.30.1-1

A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host...