Trident NetApp Trident

Do you want an email whenever new security vulnerabilities are reported in NetApp Trident?

By the Year

In 2022 there have been 0 vulnerabilities in NetApp Trident . Last year Trident had 2 security vulnerabilities published. Right now, Trident is on track to have less security vulnerabilities in 2022 than it did last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 2 6.80
2020 6 6.55
2019 1 7.50
2018 1 9.80

It may take a day or so for new Trident vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent NetApp Trident Security Vulnerabilities

A security issue was discovered in ingress-nginx where a user

CVE-2021-25742 7.1 - High - October 29, 2021

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.

The crypto/tls package of Go through 1.16.5 does not properly assert

CVE-2021-34558 6.5 - Medium - July 15, 2021

The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.

Improper Certificate Validation

The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs

CVE-2020-29509 5.6 - Medium - December 14, 2020

The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.

The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs

CVE-2020-29510 5.6 - Medium - December 14, 2020

The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.

The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs

CVE-2020-29511 5.6 - Medium - December 14, 2020

The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.

Go before 1.14.12 and 1.15.x before 1.15.4

CVE-2020-28362 7.5 - High - November 18, 2020

Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.

Improper Certificate Validation

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5

CVE-2020-28367 7.5 - High - November 18, 2020

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.

Argument Injection

Go before 1.14.12 and 1.15.x before 1.15.5

CVE-2020-28366 7.5 - High - November 18, 2020

Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection.

Code Injection

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service

CVE-2019-9514 7.5 - High - August 13, 2019

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.

Allocation of Resources Without Limits or Throttling

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver

CVE-2018-1002105 9.8 - Critical - December 05, 2018

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.

7PK - Errors

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Red Hat Openshift Container Platform or by NetApp? Click the Watch button to subscribe.

NetApp
Vendor

subscribe