15 matches found
AZL-78659 CVE-2026-27141 affecting package cri-o 1.30.1-1
Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic...
AZL-57289 CVE-2025-22869 affecting package cri-o 1.30.1-1
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted...
AZL-55067 CVE-2025-21613 affecting package cri-o 1.30.1-1
go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only...
AZL-48525 CVE-2024-45310 affecting package cri-o 1.30.1-1
runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers an...
CVE-2023-45288 affecting package cri-tools for versions less than 1.30.1-1
CVE-2023-45288 affecting package cri-tools for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-28180 affecting package cri-o for versions less than 1.30.1-1
CVE-2024-28180 affecting package cri-o for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-49568 affecting package cri-o for versions less than 1.30.1-1
CVE-2023-49568 affecting package cri-o for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-24786 affecting package cri-o for versions less than 1.30.1-1
CVE-2024-24786 affecting package cri-o for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2022-2879 affecting package cri-o for versions less than 1.30.1-1
CVE-2022-2879 affecting package cri-o for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-47108 affecting package cri-o for versions less than 1.30.1-1
CVE-2023-47108 affecting package cri-o for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-24786 affecting package kubernetes for versions less than 1.30.1-1
CVE-2024-24786 affecting package kubernetes for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-49569 affecting package cri-o for versions less than 1.30.1-1
CVE-2023-49569 affecting package cri-o for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-45288 affecting package kubernetes for versions less than 1.30.1-1
CVE-2023-45288 affecting package kubernetes for versions less than 1.30.1-1. An upgraded version of the package is available that resolves this issue...
AZL-34896 CVE-2024-21626 affecting package kubernetes for versions less than 1.30.1-1
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process from runc exec to have a working directory in the host filesystem...
AZL-44052 CVE-2022-2879 affecting package cri-o 1.30.1-1
Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB...