Lucene search

11 matches found

Added 2019/08/13 9:15 p.m. | 744 views

CVE-2019-9514

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STR...

CVSS 7.8 | AI score 7.9 | EPSS 0.10058

Added 2021/07/15 2:15 p.m. | 554 views

CVE-2021-34558

The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing an RSA-based key exchange, allowing a malicious TLS server to cause a TLS client to panic.

CVSS 6.5 | AI score 7 | EPSS 0.00839

Added 2020/11/18 5:15 p.m. | 426 views

CVE-2020-28362

Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.

CVSS 7.5 | AI score 7.5 | EPSS 0.0015

Added 2018/12/05 9:29 p.m. | 421 views

CVE-2018-1002105

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests...

CVSS 9.8 | AI score 7.4 | EPSS 0.90405

Added 2020/11/18 5:15 p.m. | 232 views

CVE-2020-28366

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.

CVSS 7.5 | AI score 8.1 | EPSS 0.00218

Added 2020/12/14 8:15 p.m. | 223 views

CVE-2020-29509

The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...

CVSS 9.8 | AI score 6.1 | EPSS 0.0033

Added 2020/12/14 8:15 p.m. | 211 views

CVE-2020-29511

The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.

CVSS 9.8 | AI score 6.1 | EPSS 0.0033

Added 2021/10/29 4:15 a.m. | 116 views

CVE-2021-25742

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.

CVSS 7.6 | AI score 6.7 | EPSS 0.00648

Added 2020/12/14 8:15 p.m. | 90 views

CVE-2020-29510

The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.

CVSS 9.8 | AI score 6.1 | EPSS 0.00166

Added 2019/04/22 3:29 p.m. | 87 views

CVE-2019-11244

In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the...

CVSS 5 | AI score 4.6 | EPSS 0.00102

Added 2019/04/22 3:29 p.m. | 58 views

CVE-2019-11243

In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not effectively clear ser...

CVSS 8.1 | AI score 7.9 | EPSS 0.00241