Lucene search
+L

584 matches found

RedHat Linux
RedHat Linux
added yesterday5 views

Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apiserver: Denial of Service via SPDY streaming code

A flaw was found in the SPDY streaming code used by Kubelet, CRI-O, and kube-apiserver. An attacker with specific cluster roles, such as those allowing access to pod port forwarding, execution, or attachment, or node proxying, could exploit this vulnerability. This could lead to a Denial of Servi...

8.7CVSS6.1AI score0.00656EPSS
Exploits0References4
NVD
NVD
added 2 days ago4 views

CVE-2026-15809

A flaw was found in CRI-O. The fix for a previous vulnerability CVE-2022-4318 was incorrect, allowing it to be bypassed. An attacker capable of setting environment variables on a container can inject a newline character into the HOME environment variable. This issue allows the addition of arbitra...

7.8CVSS0.00126EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago38 views

CVE-2026-15809 Github.com/cri-o/cri-o: fix bypass for cve-2022-4318 — /etc/passwd injection via home env

A flaw was found in CRI-O. The fix for a previous vulnerability CVE-2022-4318 was incorrect, allowing it to be bypassed. An attacker capable of setting environment variables on a container can inject a newline character into the HOME environment variable. This issue allows the addition of arbitra...

7.8CVSS0.00126EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2 days ago10 views

CVE-2026-15809 Github.com/cri-o/cri-o: fix bypass for cve-2022-4318 — /etc/passwd injection via home env

A flaw was found in CRI-O. The fix for a previous vulnerability CVE-2022-4318 was incorrect, allowing it to be bypassed. An attacker capable of setting environment variables on a container can inject a newline character into the HOME environment variable. This issue allows the addition of arbitra...

7.8CVSS6.1AI score0.00126EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2 days ago9 views

CVE-2026-15809

A flaw was found in CRI-O. The fix for a previous vulnerability CVE-2022-4318 was incorrect, allowing it to be bypassed. An attacker capable of setting environment variables on a container can inject a newline character into the HOME environment variable. This issue allows the addition of arbitra...

7.8CVSS6.1AI score0.00126EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 3 days ago9 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.21.24 security and extras update

Red Hat OpenShift Container Platform release 4.21.24 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.21. Red Hat Product Security has rated this update as having a security impact of...

8.7CVSS6.2AI score0.00656EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/02 12:47 p.m.6 views

CVE-2026-47262

A flaw was found in containerd, an open-source container runtime. A remote attacker could exploit this vulnerability by providing a maliciously crafted image. When a container is created from this image, it leads to uncontrolled resource consumption and memory exhaustion, causing the containerd...

6.5CVSS5.8AI score0.00317EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/27 3:51 a.m.4 views

SUSE CVE-2024-5154

A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal “../“. This flaw allows the container to read and write to arbitrary files on the host system...

8.1CVSS7.3AI score0.01237EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/26 1:10 p.m.13 views

CVE-2026-7374

A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to...

9.9CVSS5.8AI score0.00596EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.14 views

PT-2026-43242

Name of the Vulnerable Software and Affected Versions KubeVirt affected versions not specified Description A flaw in the virt-handler component allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual...

9.9CVSS5.2AI score0.00596EPSS
Exploits0References44
RedHat Linux
RedHat Linux
added 2026/05/20 10:49 a.m.13 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.42 security and extras update

Red Hat OpenShift Container Platform release 4.18.42 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a security impact of...

8.7CVSS5.9AI score0.00656EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.14 views

RHCOS 4 : OpenShift Container Platform 4.7.45 (RHSA-2022:0870)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0870 advisory. - cri-o: pod with access to 'hostIPC' and 'hostNetwork' kernel namespace allows sysctl from the list of safe sysctls to be applied t...

9CVSS7.7AI score0.18561EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.9 views

RHCOS 4 : OpenShift Container Platform 4.2.36 cri-o (RHSA-2020:2776)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2776 advisory. - cri-o: infra container reparented to systemd following OOM Killer killing it's conmon CVE-2019-14891 Note that Nessus has not tested for th...

6CVSS5.8AI score0.00691EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.11 views

RHCOS 4 : OpenShift Container Platform 4.9.25 (RHSA-2022:0860)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:0860 advisory. - CRI-O: Arbitrary code execution in cri-o via abusing kernel.corepattern kernel parameter CVE-2022-0811 Note that Nessus has not tested for...

9CVSS6.5AI score0.18561EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.9 views

RHCOS 4 : OpenShift Container Platform 4.1.17 cri-o (RHSA-2019:2825)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:2825 advisory. - containers/image: not enforcing TLS when sending username+password credentials to token servers leading to credential disclosure...

6.4CVSS5.8AI score0.01604EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.7 views

RHCOS 4 : OpenShift Container Platform 4.8.35 (RHSA-2022:0871)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:0871 advisory. - CRI-O: Arbitrary code execution in cri-o via abusing kernel.corepattern kernel parameter CVE-2022-0811 - workflow-cps: OS command...

9CVSS7.7AI score0.7855EPSS
Exploits0References19
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.8 views

RHCOS 3 : OpenShift Container Platform 3.9 cri-o (RHSA-2019:3812)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:3812 advisory. - containers/image: not enforcing TLS when sending username+password credentials to token servers leading to credential disclosure...

6.4CVSS5.8AI score0.01604EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.8 views

RHCOS 4 : OpenShift Container Platform 4.6.59 (RHSA-2022:4947)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:4947 advisory. - cri-o: memory exhaustion on the node when access to the kube api CVE-2022-1708 - credentials: Stored XSS vulnerabilities in jenkin...

7.8CVSS6.9AI score0.7855EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.15 views

RHCOS 4 : OpenShift Container Platform 4.15.37 (RHSA-2024:8428)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8428 advisory. - Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library CVE-2024-9341 - Podman: Builda...

8.2CVSS7.2AI score0.01345EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.7 views

RHCOS 4 : OpenShift Container Platform 4.13.43 (RHSA-2024:3496)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3496 advisory. - cri-o: Arbitrary command injection via pod annotation CVE-2024-3154 Note that Nessus has not tested for this issue but has instead relied...

7.2CVSS6.4AI score0.01418EPSS
Exploits0References4
Rows per page
Query Builder