High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-10-29	CVE-2021-25742	A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster. network low complexity kubernetes netapp	7.1
2020-11-18	CVE-2020-28366	Code Injection vulnerability in multiple products Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. network high complexity golang fedoraproject netapp CWE-94	7.5
2020-11-18	CVE-2020-28362	Improper Certificate Validation vulnerability in multiple products Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. network low complexity golang fedoraproject netapp CWE-295	7.5
2019-08-13	CVE-2019-9514	Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. network low complexity apple apache debian canonical synology fedoraproject opensuse redhat oracle mcafee netapp f5 nodejs CWE-770	7.5
2019-04-22	CVE-2019-11243	Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). network high complexity kubernetes netapp CWE-212	8.1