Every CVE whose affected-product data names Netapp Trident, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2020-29509 — CVSS 9.8 (critical): The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization…
CVE-2020-29510 — CVSS 9.8 (critical): The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization…
CVE-2020-29511 — CVSS 9.8 (critical): The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization…
CVE-2018-1002105 — CVSS 9.8 (critical): In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in…
CVE-2019-11243 — CVSS 8.1 (high): In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials…
CVE-2021-25742 — CVSS 7.6 (high): A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature…
CVE-2020-28366 — CVSS 7.5 (high): Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious…
CVE-2019-9514 — CVSS 7.5 (high): Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of…
CVE-2021-34558 — CVSS 6.5 (medium): The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the…
CVE-2019-11244 — CVSS 5.0 (medium): In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to…