Vulnerabilities > Netapp > Trident > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-29 | CVE-2021-25742 | A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster. | 7.1 |
2020-11-18 | CVE-2020-28366 | Code Injection vulnerability in multiple products Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. | 7.5 |
2020-11-18 | CVE-2020-28362 | Improper Certificate Validation vulnerability in multiple products Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. | 7.5 |
2019-08-13 | CVE-2019-9514 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. | 7.5 |
2019-04-22 | CVE-2019-11243 | Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). | 8.1 |