Containers: All CVEs

31 total · sorted by risk
  • CVE-2017-5226 · Critical · Mar 29, 2017
    risk 0.65 · cvss 10.0 · epss 0.03

    When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox.

  • CVE-2026-41163 · High · May 9, 2026
    risk 0.57 · cvss n/a · epss 0.00

    bubblewrap is a low-level unprivileged sandboxing tool. From version 0.11.0 to before version 0.11.2, if bubblewrap is installed in setuid mode then the user can use ptrace to attach to bubblewrap and control the unprivileged part of the sandbox setup phase. This allows the…

  • CVE-2024-11218 · High · Jan 22, 2025
    risk 0.49 · cvss 8.6 · epss 0.00

    A vulnerability was found in `podman build` and `buildah`. This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and…

  • CVE-2025-24965 · High · Feb 19, 2025
    risk 0.48 · cvss n/a · epss 0.01

    crun is an open source OCI Container Runtime fully written in C. In affected versions, a malicious container image could trick the krun handler into escaping the root filesystem, allowing file creation or modification on the host. No special permissions are needed, only the…

  • CVE-2025-6032 · High · Jun 24, 2025
    risk 0.47 · cvss 8.3 · epss 0.00

    A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue allows a man-in-the-middle attack.

  • CVE-2024-3727 · High · May 14, 2024
    risk 0.47 · cvss 8.3 · epss 0.01

    A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

  • CVE-2025-9566 · High · Sep 5, 2025
    risk 0.46 · cvss 8.1 · epss 0.01

    There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file contains a Secret or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can…

  • CVE-2016-8659 · High · Feb 13, 2017
    risk 0.46 · cvss 7.0 · epss 0.00

    Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket.

  • CVE-2025-4953 · High · Sep 16, 2025
    risk 0.41 · cvss 7.4 · epss 0.01

    A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the…

  • CVE-2026-35406 · Medium · Apr 7, 2026
    risk 0.33 · cvss 6.2 · epss 0.00

    Aardvark-dns is an authoritative DNS server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1.

  • CVE-2018-10856 · Medium · Jul 3, 2018
    risk 0.28 · cvss 5.3 · epss 0.01

    It has been discovered that podman before version 0.6.1 does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container.

  • CVE-2024-9407 · Medium · Oct 1, 2024
    risk 0.24 · cvss 4.7 · epss 0.00

    A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount…

  • CVE-2016-6349 · Low · Mar 29, 2017
    risk 0.21 · cvss 3.3 · epss 0.00

    The machinectl command in oci-register-machine allows local users to list running containers and possibly obtain sensitive information by running that command.

  • CVE-2025-8283 · Low · Jul 28, 2025
    risk 0.17 · cvss 3.7 · epss 0.00

    A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to the dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name,…

  • CVE-2026-30892 · Mar 25, 2026
    risk 0.00 · cvss n/a · epss 0.00

    crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the `crun exec` option `-u` (`--user`) is incorrectly parsed. The value `1` is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with…

  • CVE-2024-9676 · Oct 15, 2024
    risk 0.00 · cvss n/a · epss 0.01

    A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned…

  • CVE-2024-9675 · Oct 9, 2024
    risk 0.00 · cvss n/a · epss 0.00

    A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Containerfile to mount an arbitrary directory from the host (read/write) into the container as…

  • CVE-2024-9341 · Oct 1, 2024
    risk 0.00 · cvss n/a · epss 0.01

    A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting…

  • CVE-2024-8418 · Sep 4, 2024
    risk 0.00 · cvss n/a · epss 0.01

    A flaw was found in Aardvark-dns, which is vulnerable to a Denial of Service attack due to the serial processing of TCP DNS queries. An attacker can exploit this flaw by keeping a TCP connection open indefinitely, causing the server to become unresponsive and resulting in other…

  • CVE-2024-42472 · Aug 15, 2024
    risk 0.00 · cvss n/a · epss 0.01

    Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on…

  • CVE-2022-2990 · Sep 13, 2022
    risk 0.00 · cvss n/a · epss 0.00

    An incorrect handling of the supplementary groups in the Buildah container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access…

  • CVE-2022-2739 · Sep 1, 2022
    risk 0.00 · cvss n/a · epss 0.00

    The version of podman as released for Red Hat Enterprise Linux 7 Extras via the RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain…

  • CVE-2022-2738 · Sep 1, 2022
    risk 0.00 · cvss n/a · epss 0.01

    The version of podman as released for Red Hat Enterprise Linux 7 Extras via the RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause…

  • CVE-2022-27650 · Apr 4, 2022
    risk 0.00 · cvss n/a · epss 0.01

    A flaw was found in crun where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker…

  • CVE-2022-27651 · Apr 4, 2022
    risk 0.00 · cvss n/a · epss 0.01

    A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to…

  • CVE-2021-3602 · Mar 3, 2022
    risk 0.00 · cvss n/a · epss 0.00

    An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD…

  • CVE-2021-20291 · Apr 1, 2021
    risk 0.00 · cvss n/a · epss 0.02

    A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation…

  • CVE-2020-5291 · Mar 31, 2020
    risk 0.00 · cvss n/a · epss 0.01

    In Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, the `bwrap --userns2` option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root…

  • CVE-2019-18837 · Nov 13, 2019
    risk 0.00 · cvss n/a · epss 0.01

    An issue was discovered in crun before 0.10.5. With a crafted image, it doesn't correctly check whether a target is a symlink, resulting in access to files outside of the container. This occurs in libcrun/linux.c and libcrun/chroot_realpath.c.

  • CVE-2019-12479 · Aug 13, 2019
    risk 0.00 · cvss n/a · epss 0.02

    An issue was discovered in 20|20 Storage 2.11.0. A Path Traversal vulnerability in the TwentyTwenty.Storage library in the LocalStorageProvider allows creating and reading files outside of the specified basepath. If the application using this library does not sanitize…

  • CVE-2019-12439 · May 29, 2019
    risk 0.00 · cvss n/a · epss 0.00

    bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories in /tmp as a mount point. In some particular configurations (related to XDG_RUNTIME_DIR), a local attacker may abuse this flaw to prevent other users from executing bubblewrap or potentially execute code.