CRI O

DATE	CVE	VULNERABILITY TITLE	RISK
2023-09-25	CVE-2022-4318	Improper Control of Dynamically-Managed Code Resources vulnerability in multiple products A vulnerability was found in cri-o. local low complexity kubernetes redhat fedoraproject CWE-913	7.8
2023-09-15	CVE-2022-3466	Incorrect Default Permissions vulnerability in multiple products The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. local low complexity kubernetes redhat CWE-276	5.3
2022-06-07	CVE-2022-1708	Allocation of Resources Without Limits or Throttling vulnerability in multiple products A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. network low complexity kubernetes fedoraproject redhat CWE-770	7.5
2022-04-18	CVE-2022-27652	Incorrect Default Permissions vulnerability in multiple products A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. local low complexity kubernetes fedoraproject mobyproject redhat CWE-276	4.6
2022-03-16	CVE-2022-0811	Code Injection vulnerability in Kubernetes Cri-O A flaw was found in CRI-O in the way it set kernel options for a pod. network low complexity kubernetes CWE-94 critical	9.0
2022-02-09	CVE-2022-0532	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. network kubernetes redhat CWE-732	4.9
2019-11-25	CVE-2019-14891	Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. network kubernetes fedoraproject redhat CWE-754	6.0
2018-05-18	CVE-2018-1000400	Improper Privilege Management vulnerability in Kubernetes Cri-O Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have. network low complexity kubernetes CWE-269	6.5