Vulnerabilities > Kubernetes > CRI O > 1.0.4

DATE CVE VULNERABILITY TITLE RISK
2022-06-07 CVE-2022-1708 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API.
network
low complexity
kubernetes fedoraproject redhat CWE-770
7.5
2022-02-09 CVE-2022-0532 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier.
4.9
2019-11-25 CVE-2019-14891 Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products
A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup.
6.0
2018-05-18 CVE-2018-1000400 Improper Privilege Management vulnerability in Kubernetes Cri-O
Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have.
network
low complexity
kubernetes CWE-269
6.5