NetApp Cloud Insights Telegraf Agent
By the Year
In 2024 there have been 0 vulnerabilities in NetApp Cloud Insights Telegraf Agent . Cloud Insights Telegraf Agent did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 5 | 6.94 |
| 2021 | 3 | 7.10 |
| 2020 | 3 | 7.50 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Cloud Insights Telegraf Agent vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent NetApp Cloud Insights Telegraf Agent Security Vulnerabilities
Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker
CVE-2022-30629
3.1 - Low
- August 10, 2022
Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.
Use of Insufficiently Random Values
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows
CVE-2022-30634
7.5 - High
- July 15, 2022
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.
Infinite Loop
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value
CVE-2022-23806
9.1 - Critical
- February 11, 2022
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
Unchecked Return Value
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags
CVE-2022-23773
7.5 - High
- February 11, 2022
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.
Interpretation Conflict
Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow
CVE-2022-23772
7.5 - High
- February 11, 2022
Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.
Integer Overflow or Wraparound
Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups
CVE-2021-33195
7.3 - High
- August 02, 2021
Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.
Injection
In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go
CVE-2021-3114
6.5 - Medium
- January 26, 2021
In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.
Incorrect Calculation
Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules
CVE-2021-3115
7.5 - High
- January 26, 2021
Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).
DLL preloading
Go before 1.14.12 and 1.15.x before 1.15.4
CVE-2020-28362
7.5 - High
- November 18, 2020
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.
Improper Certificate Validation
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5
CVE-2020-28367
7.5 - High
- November 18, 2020
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.
Code Injection
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5
CVE-2020-28366
7.5 - High
- November 18, 2020
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.
Code Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for NetApp Cloud Insights Telegraf Agent or by NetApp? Click the Watch button to subscribe.
