Vulnerabilities > Netapp > Cloud Insights Telegraf

DATE CVE VULNERABILITY TITLE RISK
2022-08-10 CVE-2022-28131 Uncontrolled Recursion vulnerability in multiple products
Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.
network
low complexity
golang fedoraproject netapp CWE-674
7.5
2022-01-24 CVE-2021-39293 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic.
network
low complexity
golang netapp CWE-770
7.5
2022-01-01 CVE-2021-44716 Resource Exhaustion vulnerability in multiple products
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
network
low complexity
golang debian netapp CWE-400
7.5
2021-07-15 CVE-2021-34558 Improper Certificate Validation vulnerability in multiple products
The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.
network
low complexity
golang fedoraproject netapp oracle CWE-295
6.5
2020-03-16 CVE-2020-7919 Improper Certificate Validation vulnerability in multiple products
Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.
network
low complexity
golang debian fedoraproject netapp CWE-295
7.5