VYPR

Podman

by Containers

CVEs (7)

  • CVE-2025-6032 | High | Jun 24, 2025
    risk 0.47 | cvss 8.3 | epss 0.00

    A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.

  • CVE-2025-9566 | High | Sep 5, 2025
    risk 0.46 | cvss 8.1 | epss 0.01

    There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file contains a Secret or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can…

  • CVE-2025-4953 | High | Sep 16, 2025
    risk 0.41 | cvss 7.4 | epss 0.01

    A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the…

  • CVE-2018-10856 | Medium | Jul 3, 2018
    risk 0.28 | cvss 5.3 | epss 0.01

    It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container.

  • CVE-2024-9407 | Medium | Oct 1, 2024
    risk 0.24 | cvss 4.7 | epss 0.00

    A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount…

  • CVE-2022-2739 | Sep 1, 2022
    risk 0.00 | cvss | epss 0.00

    The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain…

  • CVE-2022-2738 | Sep 1, 2022
    risk 0.00 | cvss | epss 0.01

    The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause…