EUVD-2022-6897

Malicious code in bioql PyPI...

PT-2024-3765 · Unknown +2 · Cri-O Container Engine +2

Name of the Vulnerable Software and Affected Versions: CRI-O Container Engine versions prior to the fixed version Description: A flaw was found in CRI-O, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perfor...

The vulnerability of the CRI-O Container Engine’s application programming interface allows a attacker to disclose confidential information or alter arbitrary data.

The vulnerability of the CRI-O Container Engine’s application programming interface, a software platform for managing clusters of virtual machines in Kubernetes, is related to improper access control. Exploiting this vulnerability can allow an attacker to disclose confidential information or alte...

ROS-20240329-10

Vulnerability of http2 package of Go programming language is related to uncontrolled server resources consumption as a result of resetting Server.MaxConcurrentStreams parameter during request stream processing. as a result of resetting the Server.MaxConcurrentStreams parameter when processing a...

RHCOS 4 : OpenShift Container Platform 4.10.60 (RHSA-2023:3216)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:3216 advisory. - cri-o: incorrect handling of the supplementary groups CVE-2022-2995 Note that Nessus has not tested for this issue but has instead relied...

CVE-2022-2995

Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute...

CVE-2022-2995

Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute...

CVE-2022-2995

Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute...

CVE-2022-2995

CVE-2022-2995 affects the CRI-O container engine (CRI-O) where incorrect handling of supplementary groups can lead to sensitive information disclosure or data modification if an attacker can access the affected container and execute code there. The issue is referenced across multiple advisories (...

PT-2022-7292 · Cri-O +2 · Cri-O +2

Name of the Vulnerable Software and Affected Versions: CRI-O affected versions not specified Description: The issue is related to the incorrect handling of supplementary groups in the CRI-O container engine, which may lead to sensitive information disclosure or possible data modification. This ca...