rpm package
opensuse/cri-o&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/cri-o&distro=openSUSE%20Tumbleweed
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-1708 | — | < 1.24.1-1.1 | 1.24.1-1.1 | Jun 7, 2022 | A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and | ||
| CVE-2019-10214 | — | < 1.22.0-1.2 | 1.22.0-1.2 | Nov 25, 2019 | The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulne | ||
| CVE-2018-16874 | — | < 1.22.0-1.2 | 1.22.0-1.2 | Dec 14, 2018 | In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but | ||
| CVE-2018-16873 | — | < 1.22.0-1.2 | 1.22.0-1.2 | Dec 14, 2018 | In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPA |
- CVE-2022-1708Jun 7, 2022affected < 1.24.1-1.1fixed 1.24.1-1.1
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and
- CVE-2019-10214Nov 25, 2019affected < 1.22.0-1.2fixed 1.22.0-1.2
The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulne
- CVE-2018-16874Dec 14, 2018affected < 1.22.0-1.2fixed 1.22.0-1.2
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but
- CVE-2018-16873Dec 14, 2018affected < 1.22.0-1.2fixed 1.22.0-1.2
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPA