NetApp Trident

By the Year

In 2021 there has been 1 vulnerability in NetApp Trident, with an average score of 6.5 out of ten. Last year Trident had 4 security vulnerabilities published. Right now, Trident is on track to have fewer security vulnerabilities in 2021 than it did last year. However, the average CVE base score of the vulnerabilities in 2021 is greater by 0.43.

| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2021 | 1               | 6.50          |
| 2020 | 4               | 6.08          |
| 2019 | 0               | 0.00          |
| 2018 | 1               | 9.80          |

It may take a day or so for new Trident vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent NetApp Trident Security Vulnerabilities

CVE-2021-34558 6.5 - Medium - July 15, 2021

The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing an RSA-based key exchange, allowing a malicious TLS server to cause a TLS client to panic.

Improper Certificate Validation

CVE-2020-29509 5.6 - Medium - December 14, 2020

The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.

CVE-2020-29510 5.6 - Medium - December 14, 2020

The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.

CVE-2020-29511 5.6 - Medium - December 14, 2020

The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.

CVE-2020-28362 7.5 - High - November 18, 2020

Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.

Improper Certificate Validation

CVE-2018-1002105 9.8 - Critical - December 05, 2018

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.

7PK - Errors
