55 matches found
Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apiserver: Denial of Service via SPDY streaming code
A flaw was found in the SPDY streaming code used by Kubelet, CRI-O, and kube-apiserver. An attacker with specific cluster roles, such as those allowing access to pod port forwarding, execution, or attachment, or node proxying, could exploit this vulnerability. This could lead to a Denial of Servi...
CVE-2026-15809 Github.com/cri-o/cri-o: fix bypass for cve-2022-4318 — /etc/passwd injection via home env
A flaw was found in CRI-O. The fix for a previous vulnerability CVE-2022-4318 was incorrect, allowing it to be bypassed. An attacker capable of setting environment variables on a container can inject a newline character into the HOME environment variable. This issue allows the addition of arbitra...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.21.24 security and extras update
Red Hat OpenShift Container Platform release 4.21.24 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.21. Red Hat Product Security has rated this update as having a security impact of...
RHCOS 4 : OpenShift Container Platform 4.9.25 (RHSA-2022:0860)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:0860 advisory. - CRI-O: Arbitrary code execution in cri-o via abusing kernel.corepattern kernel parameter CVE-2022-0811 Note that Nessus has not tested for...
RHCOS 4 : OpenShift Container Platform 4.1.17 cri-o (RHSA-2019:2825)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:2825 advisory. - containers/image: not enforcing TLS when sending username+password credentials to token servers leading to credential disclosure...
RHCOS 3 : OpenShift Container Platform 3.9 cri-o (RHSA-2019:3812)
The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:3812 advisory. - containers/image: not enforcing TLS when sending username+password credentials to token servers leading to credential disclosure...
RHCOS 4 : OpenShift Container Platform 4.7.45 (RHSA-2022:0870)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0870 advisory. - cri-o: pod with access to 'hostIPC' and 'hostNetwork' kernel namespace allows sysctl from the list of safe sysctls to be applied t...
RHCOS 4 : OpenShift Container Platform 4.15.17 (RHSA-2024:3676)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3676 advisory. - cri-o: malicious container can create symlink on host CVE-2024-5154 Note that Nessus has not tested for this issue but has instead relied...
RHCOS 4 : OpenShift Container Platform 4.13.43 (RHSA-2024:3496)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3496 advisory. - cri-o: Arbitrary command injection via pod annotation CVE-2024-3154 Note that Nessus has not tested for this issue but has instead relied...
RHCOS 4 : OpenShift Container Platform 4.13.53 (RHSA-2024:8690)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8690 advisory. - Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library CVE-2024-9341 - buildah: Build...
RHCOS 4 : OpenShift Container Platform 4.9.38 (RHSA-2022:4972)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:4972 advisory. - cri-o: memory exhaustion on the node when access to the kube api CVE-2022-1708 Note that Nessus has not tested for this issue but has inste...
MiracleLinux 8 : container-tools:rhel8 (AXSA:2022-4425:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4425:01 advisory. golang: net/http/httputil: panic due to racy read of persistConn after handler panic CVE-2021-36221 cri-o: memory exhaustion on the node when access...
TencentOS Server 3: conmon (TSSA-2022:0258)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0258 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
EUVD-2025-0171
Malicious code in bioql PyPI...
EUVD-2024-50452
Malicious code in bioql PyPI...
EUVD-2022-7601
Malicious code in bioql PyPI...
Fedora 44 : cri-o1.33 (2025-7bc36fec81)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-7bc36fec81 advisory. Automatic update for cri-o1.33-1.33.5-1.fc44. Changelog Thu Oct 2 2025 Bradley G Smith - 1.33.5-1 - Update to release v1.33.5 - Resolves: rhbz233335...
CVE-2025-4437
There's a vulnerability in the CRI-O application where when container is launched with securityContext.runAsUser specifying a non-existent user, CRI-O attempts to create the user, reading the container's entire /etc/passwd file into memory. If this file is excessively large, it can cause the a hi...
CVE-2024-9676 affecting package cri-o for versions less than 1.22.3-14
CVE-2024-9676 affecting package cri-o for versions less than 1.22.3-14. A patched version of the package is available...
Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a cri-o security vulnerability (CVE-2024-5154)
Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability found in the cri-o component which could allow an attacker to send a specially crafted URL request containing "dot dot" sequences /../ to read and write arbitrary files on the system. Vulnerability Details CVEID:...