AZL-77049 CVE-2025-58190 affecting package sriov-network-device-plugin for versions less than 3.6.2-11

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

AZL-77093 CVE-2025-58190 affecting package sriov-network-device-plugin 3.7.0-4

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

AZL-77046 CVE-2025-47911 affecting package sriov-network-device-plugin for versions less than 3.6.2-11

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

AZL-60601 CVE-2025-22872 affecting package sriov-network-device-plugin for versions less than 3.6.2-9

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

AZL-54464 CVE-2024-45338 affecting package sriov-network-device-plugin for versions less than 3.7.0-2

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

AZL-39154 CVE-2023-45288 affecting package sriov-network-device-plugin for versions less than 3.6.2-3

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...

AZL-35598 CVE-2024-24786 affecting package sriov-network-device-plugin for versions less than 3.6.2-6

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

AZL-35282 CVE-2023-44487 affecting package sriov-network-device-plugin for versions less than 3.5.1-2

The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...

AZL-33645 CVE-2022-41717 affecting package sriov-network-device-plugin for versions less than 3.6.2-2

An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate...

AZL-35285 CVE-2022-32149 affecting package sriov-network-device-plugin for versions less than 3.7.0-1

An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse...

AZL-33644 CVE-2022-29526 affecting package sriov-network-device-plugin for versions less than 3.6.2-2

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible...

AZL-41344 CVE-2022-1996 affecting package sriov-network-device-plugin for versions less than 3.7.0-1

Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0...