rpm package
opensuse/cri-o&distro=openSUSE Leap 15.1
pkg:rpm/opensuse/cri-o&distro=openSUSE%20Leap%2015.1
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-10214 | — | | | < 1.17.1-lp151.2.2 | 1.17.1-lp151.2.2 | Nov 25, 2019 | The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulne |
| CVE-2018-16874 | — | | | < 1.17.1-lp151.2.2 | 1.17.1-lp151.2.2 | Dec 14, 2018 | In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but |
| CVE-2018-16873 | — | | | < 1.17.1-lp151.2.2 | 1.17.1-lp151.2.2 | Dec 14, 2018 | In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPA |
| CVE-2018-1002105 | — | | | < 1.17.1-lp151.2.2 | 1.17.1-lp151.2.2 | Dec 5, 2018 | In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send |
| CVE-2017-1002101 | — | | | < 1.17.1-lp151.2.2 | 1.17.1-lp151.2.2 | Mar 13, 2018 | In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including t |
| CVE-2016-8859 | Cri | 9.8 | | < 1.17.1-lp151.2.2 | 1.17.1-lp151.2.2 | Feb 13, 2017 | Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of (1) states or (2) tags, which triggers an out-of-bounds write. |
| CVE-2016-5195 | Hig | 7.0 | KEV | < 1.17.1-lp151.2.2 | 1.17.1-lp151.2.2 | Nov 10, 2016 | Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW." |