CVE-2025-11065 affecting package cri-o for versions less than 1.22.3-20
CVE-2025-11065 affecting package cri-o for versions less than 1.22.3-20. A patched version of the package is available...
AZL-78659 CVE-2026-27141 affecting package cri-o 1.30.1-1
Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic...
AZL-76799 CVE-2025-58190 affecting package cri-o 1.30.1-1
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...
AZL-75375 CVE-2025-11065 affecting package cri-o 1.30.1-1
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
CVE-2025-65637 affecting package cri-o for versions less than 1.22.3-18
CVE-2025-65637 affecting package cri-o for versions less than 1.22.3-18. A patched version of the package is available...
Fedora 43 : cri-o1.32 (2025-a246780676)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-a246780676 advisory. - Update to release v1.32.10 - Resolves: rhbz2407593, rhbz2407864, rhbz2408140, rhbz2408571 - Resolves: rhbz2408638, rhbz2408701, rhbz2409048,...
CVE-2025-21613 affecting package cri-o for versions less than 1.22.3-12
CVE-2025-21613 affecting package cri-o for versions less than 1.22.3-12. A patched version of the package is available...
CVE-2023-49569 affecting package cri-o for versions less than 1.22.3-12
CVE-2023-49569 affecting package cri-o for versions less than 1.22.3-12. A patched version of the package is available...
AZL-61812 CVE-2025-22872 affecting package cri-o 1.30.1-1
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
CVE-2025-21614 affecting package cri-o for versions less than 1.22.3-13
CVE-2025-21614 affecting package cri-o for versions less than 1.22.3-13. A patched version of the package is available...
CVE-2024-44337 affecting package cri-o for versions less than 1.22.3-11
CVE-2024-44337 affecting package cri-o for versions less than 1.22.3-11. A patched version of the package is available...
CVE-2023-6476 affecting package cri-o for versions less than 1.22.3-10
CVE-2023-6476 affecting package cri-o for versions less than 1.22.3-10. A patched version of the package is available...
Azure Linux 3.0 Security Update: containerized-data-importer / cri-o / ig / libcontainers-common / skopeo (CVE-2024-3727)
The version of containerized-data-importer / cri-o / ig / libcontainers-common / skopeo installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-3727 advisory. - A flaw was found in the...
CVE-2024-9341 affecting package cri-o for versions less than 1.22.3-9
CVE-2024-9341 affecting package cri-o for versions less than 1.22.3-9. A patched version of the package is available...
CVE-2024-45338 affecting package cri-o for versions less than 1.22.3-9
CVE-2024-45338 affecting package cri-o for versions less than 1.22.3-9. A patched version of the package is available...
AZL-55073 CVE-2025-21614 affecting package cri-o 1.30.1-1
go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git serve...
AZL-55067 CVE-2025-21613 affecting package cri-o 1.30.1-1
go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only...
CVE-2021-43565 affecting package cri-o for versions less than 1.22.3-5
CVE-2021-43565 affecting package cri-o for versions less than 1.22.3-5. A patched version of the package is available...
CVE-2024-24786 affecting package cri-o for versions less than 1.30.1-1
CVE-2024-24786 affecting package cri-o for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-3154 affecting package cri-o for versions less than 1.30.1-1
CVE-2024-3154 affecting package cri-o for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this issue...