NetappTrident

11 matches found

CVE
added 2019/08/13 12:0 a.m., 859 views

CVE-2019-9514

CVE-2019-9514 corresponds to an HTTP/2 vulnerability where an attacker floods a peer by sending HEADERS frames, causing unbounded memory growth and potential DoS. Public details in connected advisories show affected stacks include Go HTTP/2 implementations and Go-based tools, with remediation via...

CVSS 7.8 | AI score 7.9 | EPSS 0.82813

CVE
added 2018/12/05 9:0 p.m., 629 views

CVE-2018-1002105

CVE-2018-1002105 affects Kubernetes: before versions v1.10.11, v1.11.5, and v1.12.3, the kube-apiserver mishandles error responses to proxied upgrade requests. This flaw lets specially crafted requests establish a connection through the API server to backends and then send arbitrary requests over...

CVSS 9.8 | AI score 7.4 | EPSS 0.86978

CVE
added 2021/07/15 1:47 p.m., 623 views

CVE-2021-34558

CVE-2021-34558 affects the Go crypto/tls implementation. In Go up to 1.16.5, the certificate public-key type is not properly validated for RSA-based key exchanges, allowing a TLS server to trigger a panic in the client. Several connected advisories link this to Go’s TLS handling and note remediat...

CVSS 6.5 | AI score 7 | EPSS 0.07032

CVE
added 2020/11/18 4:27 p.m., 478 views

CVE-2020-28362

CVE-2020-28362 affects Go up to 1.14.12 and 1.15.x up to 1.15.4. The issue is a Denial of Service caused by a panic in math/big during recursive division of very large numbers, exploitable via Go tooling/build processes. Remediation: upgrade Go to a remediated version (Go 1.14.12+ or 1.15.4+ as ap...

CVSS 7.5 | AI score 7.5 | EPSS 0.03813

CVE
added 2020/11/18 12:0 a.m., 265 views

CVE-2020-28366

CVE-2020-28366 affects the Go toolchain: code injection/arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file, impacting go commands using cgo before Go 1.14.12 and Go 1.15.5. The described impact is at build time, not runtime, with a high-severity pr...

CVSS 7.5 | AI score 8.1 | EPSS 0.02244

CVE
added 2020/12/14 8:2 p.m., 247 views

CVE-2020-29509

CVE-2020-29509 affects the Go encoding/xml package (all versions) where tokenization round-trips do not preserve attribute namespace prefixes, enabling inputs that behave inconsistently across processing stages in affected downstream applications. Connected sources confirm the vulnerability in Go...

CVSS 9.8 | AI score 6.1 | EPSS 0.02081

CVE
added 2020/12/14 7:59 p.m., 233 views

CVE-2020-29511

CVE-2020-29511 affects the Go standard library encoding/xml. The initial description states that all Go versions fail to preserve the semantics of element namespace prefixes during tokenization round-trips, enabling inputs that may behave inconsistently across processing stages in affected downst...

CVSS 9.8 | AI score 6.1 | EPSS 0.01942

CVE
added 2019/04/22 2:54 p.m., 144 views

CVE-2019-11244

CVE-2019-11244 affects Kubernetes kubectl caching: in Kubernetes v1.8.x–v1.14.x, schema info is cached in a world-writable directory by default at --cache-dir (often $HOME/.kube/http-cache). If the cache-dir is accessible to other users, files may be modified and disrupt kubectl invocation. Publi...

CVSS 5 | AI score 4.6 | EPSS 0.00483

CVE
added 2021/10/29 4:5 a.m., 144 views

CVE-2021-25742

CVE-2021-25742 affects the Kubernetes NGINX Ingress Controller via the custom snippets feature. A user who can create or update ingress objects can exploit this flaw to obtain all secrets in the cluster (cross-namespace access). This is tied to ingress-nginx behavior rather than a generic service...

CVSS 7.6 | AI score 6.7 | EPSS 0.01784

CVE
added 2020/12/14 7:57 p.m., 107 views

CVE-2020-29510

CVE-2020-29510 concerns the encoding/xml package in Go versions 1.15 and earlier, where tokenization round-trips fail to preserve directive semantics. This can let an attacker craft inputs that behave differently across processing stages in affected downstream applications. The connected OSV entr...

CVSS 9.8 | AI score 6.1 | EPSS 0.02047

CVE
added 2019/04/22 2:54 p.m., 80 views

CVE-2019-11243

Kubernetes CVE-2019-11243 affects v1.12.0–v1.12.4 and v1.13.0, where rest.AnonymousClientConfig() copies the config without clearing service account credentials loaded via rest.InClusterConfig(), potentially exposing credentials. Upgrade to a fixed version per vendor advisories.

CVSS 8.1 | AI score 7.9 | EPSS 0.01492