24 matches found

AstraLinux
added 2025/11/01 10:54 a.m. | 3 views

Astra Linux – Vulnerability in libpod

A flaw was discovered in Podman. The podman machine init command fails to verify the TLS certificate when downloading VM images from an OCI registry. This issue allows for a Man In The Middle attack to occur...

CVSS 8.3 | AI score 6.6 | EPSS 0.00397
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-5384

Malicious code in bioql PyPI...

CVSS 5.9 | AI score 6.8 | EPSS 0.01849
Exploits: 0 | References: 12

EUVD
added 2025/10/03 8:7 p.m. | 8 views

EUVD-2022-1821

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7 | EPSS 0.01441
Exploits: 0 | References: 20

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-0432

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.01057
Exploits: 1 | References: 10

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2024-2652

Malicious code in bioql PyPI...

CVSS 7.7 | AI score 8.5 | EPSS 0.00514
Exploits: 0 | References: 6

OSV
added 2025/09/16 3:15 p.m. | 6 views

AZL-68054 CVE-2025-4953 affecting package podman for versions less than 5.6.1-2

A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files...

CVSS 7.4 | AI score 5.8 | EPSS 0.00596
Exploits: 0 | References: 1

Debian CVE
added 2025/09/16 2:54 p.m. | 7 views

CVE-2025-4953

A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files...

CVSS 7.4 | AI score 7.1 | EPSS 0.00596
Exploits: 0

Positive Technologies
added 2025/09/16 12:0 a.m. | 3 views

PT-2025-38004

Name of the Vulnerable Software and Affected Versions: Podman (affected versions not specified). Description: A flaw exists in Podman where data written to RUN --mount=type=bind mounts during the podman build process is not discarded. This can result in files created within the container appearing in...

CVSS 9.8 | AI score 7.4 | EPSS 0.03269
Exploits: 4 | References: 76

NVD
added 2025/06/24 2:15 p.m. | 5 views

CVE-2025-6032

A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack...

CVSS 8.3 | EPSS 0.00397
Exploits: 0 | References: 17

Debian CVE
added 2025/06/24 1:50 p.m. | 4 views

CVE-2025-6032

A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack...

CVSS 8.3 | AI score 5.9 | EPSS 0.00397
Exploits: 0

CVE
added 2025/06/24 1:50 p.m. | 148 views

CVE-2025-6032

Podman vulnerability CVE-2025-6032: the podman machine init flow fails to verify TLS when downloading VM images from an OCI registry, enabling a potential Man-in-the-Middle. Affected component is Podman/libpod; impact is high (confidentiality, integrity, availability). Mitigation references indic...

CVSS 8.3 | AI score 7 | EPSS 0.00397
Exploits: 0 | References: 17

Tenable Nessus
added 2025/05/14 12:0 a.m. | 9 views

Alibaba Cloud Linux 3 : 0267: container-tools:rhel8 (ALINUX3-SA-2024:0267)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0267 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-33198: In Go before 1.15.13 and...

CVSS 7.5 | AI score 7.1 | EPSS 0.034
Exploits: 2 | References: 4

Tenable Nessus
added 2025/03/05 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2024-3056

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least o...

CVSS 7.7 | AI score 7.6 | EPSS 0.00514
Exploits: 0 | References: 3

Tenable Nessus
added 2025/03/05 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2023-0778

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Time-of-check Time-of-use TOCTOU flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while...

CVSS 6.8 | AI score 6.7 | EPSS 0.00541
Exploits: 0 | References: 3

OSV
added 2024/08/02 9:16 p.m. | 12 views

CVE-2024-3056

A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will continue to exhaust resources...

CVSS 7.7 | AI score 6.5 | EPSS 0.00514
Exploits: 0 | References: 3

Tenable Nessus
added 2023/11/07 12:0 a.m. | 49 views

Rocky Linux 8 : container-tools:rhel8 (RLSA-2020:1650)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:1650 advisory. - runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfslinux.go. To exploit this, an...

CVSS 7 | AI score 7 | EPSS 0.01849
Exploits: 0 | References: 49

OSV
added 2023/03/27 9:15 p.m. | 10 views

AZL-39612 CVE-2023-0778 affecting package cri-o for versions less than 1.22.3-10

A Time-of-check Time-of-use TOCTOU flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system...

CVSS 6.8 | AI score 6.8 | EPSS 0.00541
Exploits: 0 | References: 1

RedHat Linux
added 2022/11/15 1:20 p.m. | 3 views

podman: Remote traffic to rootless containers is seen as originating from localhost

A flaw was found in podman. Rootless containers receive all traffic with a source IP address of 127.0.0.1, including from remote hosts, which impacts containerized applications that trust localhost 127.0.0.1 connections by default and do not require authentication. The highest threat from this...

CVSS 5.9 | AI score 7.2 | EPSS 0.01105
Exploits: 1 | References: 4

Microsoft CVE
added 2022/05/12 7:0 a.m. | 1 views

A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem leading to information disclosure or denial of service.

...

CVSS 8.8 | AI score 8.2 | EPSS 0.04238
Exploits: 2

RedHat Linux
added 2022/04/26 8:8 p.m. | 4 views

podman: Default inheritable capabilities for linux container should be empty

A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby Docker Engine, where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to...

CVSS 7.5 | AI score 5.7 | EPSS 0.01441
Exploits: 0 | References: 5