55 matches found
RHCOS 3 : OpenShift Container Platform 3.11 (RHSA-2020:2992)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2992 advisory. - cri-o: infra container reparented to systemd following OOM Killer killing its conmon CVE-2019-14891 - nodejs-minimist: prototype...
RHCOS 4 : OpenShift Container Platform 4.6.56 (RHSA-2022:0866)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:0866 advisory. - cri-o: pod with access to 'hostIPC' and 'hostNetwork' kernel namespace allows sysctl from the list of safe sysctls to be applied t...
RHCOS 4 : OpenShift Container Platform 4.10.12 (RHSA-2022:1600)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1600 advisory. - cri-o: Default inheritable capabilities for linux container should be empty CVE-2022-27652 - credentials: Stored XSS vulnerabiliti...
RHCOS 4 : OpenShift Container Platform 4.10.18 (RHSA-2022:4943)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:4943 advisory. - cri-o: memory exhaustion on the node when access to the kube api CVE-2022-1708 Note that Nessus has not tested for this issue but has inste...
RHCOS 4 : OpenShift Container Platform 4.8.43 (RHSA-2022:4951)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:4951 advisory. - cri-o: memory exhaustion on the node when access to the kube api CVE-2022-1708 Note that Nessus has not tested for this issue but has inste...
RHCOS 4 : OpenShift Container Platform 4.18.2 (RHSA-2025:1908)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:1908 advisory. - cri-o: Checkpoint restore can be triggered from different namespaces CVE-2024-8676 - podman: buildah: Container breakout by using...
RHCOS 4 : OpenShift Container Platform 4.13.45 (RHSA-2024:4486)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:4486 advisory. - cri-o: malicious container can create symlink on host CVE-2024-5154 Note that Nessus has not tested for this issue but has instead relied...
AZL-76796 CVE-2025-47911 affecting package cri-o 1.30.1-1
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...
AZL-76845 CVE-2025-47911 affecting package cri-o for versions less than 1.22.3-20
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...
AZL-75458 CVE-2025-11065 affecting package cri-o for versions less than 1.22.3-20
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
MiracleLinux 8 : container-tools:4.0 (AXSA:2022-4429:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4429:01 advisory. cri-o: memory exhaustion on the node when access to the kube api CVE-2022-1708 golang: crash in a golang.org/x/crypto/ssh server CVE-2022-27191 runc...
CVE-2025-58183 affecting package cri-o for versions less than 1.22.3-17
CVE-2025-58183 affecting package cri-o for versions less than 1.22.3-17. A patched version of the package is available...
Fedora 42 : cri-o1.32 (2025-91677b56d4)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-91677b56d4 advisory. Update to release v1.32.10 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has no...
Fedora 44 : cri-o1.33 (2025-fa02acfc0f)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-fa02acfc0f advisory. Automatic update for cri-o1.33-1.33.6-1.fc44. Changelog Tue Nov 11 2025 Bradley G Smith - 1.33.6-1 - Update to release 1.33.6 - Resolves: rhbz240759...
Fedora 44 : cri-o1.32 (2025-c48cd0beee)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-c48cd0beee advisory. Automatic update for cri-o1.32-1.32.10-1.fc44. Changelog Tue Nov 11 2025 Bradley G Smith - 1.32.10-1 - Update to release v1.32.10 - Resolves:...
[SECURITY] Fedora 43 Update: cri-o1.31-1.31.13-1.fc43
Open Container Initiative-based implementation of Kubernetes Container Runtime Interface...
Fedora 43 : cri-o1.31 (2025-20a9e0e990)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-20a9e0e990 advisory. - Update to release v1.31.13 - Resolves: rhbz2333357, rhbz2398406, rhbz2398661, rhbz2399063, rhbz2399337 - Upstream fix Tenable has extracted the...
[SECURITY] Fedora 42 Update: cri-o1.31-1.31.13-1.fc42
Open Container Initiative-based implementation of Kubernetes Container Runtime Interface...
Fedora 41 : cri-o1.32 (2025-e976788728)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-e976788728 advisory. - Update to release 1.32.9 - Resolves: rhbz2333357, rhbz2398407, rhbz2398662, rhbz2399064, rhbz2399338 - Upstream fix Tenable has extracted the...
Denial Of Service (DoS)
github.com/cri-o/cri-o is vulnerable to Denial of Service (DoS). The vulnerability is due to improper user creation handling due to reading the entire /etc/passwd file into memory when securityContext.runAsUser specifies a non-existent user, leading to excessive memory consumption and potential...