Vulnerabilities > Kubernetes > CRI O > High

DATE CVE VULNERABILITY TITLE RISK
2023-09-25 CVE-2022-4318 Improper Control of Dynamically-Managed Code Resources vulnerability in multiple products
A vulnerability was found in cri-o.
local
low complexity
kubernetes redhat fedoraproject CWE-913
7.8
2022-09-19 CVE-2022-2995 Incorrect Permission Assignment for Critical Resource vulnerability in Kubernetes Cri-O 1.25.0
Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.
local
low complexity
kubernetes CWE-732
7.1
2022-06-07 CVE-2022-1708 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API.
network
low complexity
kubernetes fedoraproject redhat CWE-770
7.5
2022-03-16 CVE-2022-0811 Code Injection vulnerability in Kubernetes Cri-O
A flaw was found in CRI-O in the way it set kernel options for a pod.
network
low complexity
kubernetes CWE-94
8.8
2018-05-18 CVE-2018-1000400 Improper Privilege Management vulnerability in Kubernetes Cri-O
Kubernetes CRI-O version prior to 1.9 contains a Privilege Context Switching Error (CWE-270) vulnerability in the handling of ambient capabilities that can result in containers running with elevated privileges, allowing users abilities they should not have.
network
low complexity
kubernetes CWE-269
8.8