Latest netapp cloud insights telegraf agent Vulnerabilities

CVE-2022-30634
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.
Golang Go<1.17.11
Golang Go>=1.18.0<1.18.3
Microsoft Windows
Netapp Cloud Insights Telegraf Agent
CVE-2022-23773
An unspecified error with not treating branches with semantic-version names as releases in cmd/go in Golang Go has an unknown impact and attack vector.
Golang Go<1.16.14
Golang Go>=1.17.0<1.17.7
Netapp Beegfs Csi Driver
Netapp Cloud Insights Telegraf Agent
Netapp Kubernetes Monitoring Operator
Netapp Storagegrid
and 17 more
CVE-2022-23806
A flaw was found in the elliptic package of the crypto library in golang when the IsOnCurve function could return true for invalid field elements. This flaw allows an attacker to take advantage of thi...
redhat/go<1.17.7
redhat/go<1.16.14
redhat/openshift-serverless-clients<0:1.1.0-3.el8
redhat/servicemesh<0:2.1.3-1.el8
redhat/servicemesh-operator<0:2.1.3-2.el8
redhat/servicemesh-prometheus<0:2.23.0-7.el8
and 21 more
CVE-2022-23772
A flaw was found in the big package of the math library in golang. The Rat.SetString could cause an overflow, and if left unhandled, it could lead to excessive memory use. This issue could allow a rem...
IBM Cloud Pak for Security<=1.10.0.0 - 1.10.11.0
IBM QRadar Suite Software<=1.10.12.0 - 1.10.16.0
Golang Go<1.16.14
Golang Go>=1.17.0<1.17.7
Netapp Beegfs Csi Driver
Netapp Cloud Insights Telegraf Agent
and 14 more
CVE-2021-33195
Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by not following RFC 1035 rules in the LookupCNAME, LookupSRV, LookupMX, LookupNS, and LookupAddr functions in n...
IBM Cloud Pak for Security<=1.10.0.0 - 1.10.11.0
IBM QRadar Suite Software<=1.10.12.0 - 1.10.16.0
Golang Go<1.15.13
Golang Go>=1.16.0<1.16.5
Netapp Cloud Insights Telegraf Agent
redhat/openshift-serverless-clients<0:0.23.2-1.el8
and 24 more
CVE-2021-3115
Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, c...
redhat/openshift-serverless-clients<0:0.20.0-6.el8
redhat/openshift-serverless-clients<0:0.20.0-7.el8
Golang Go<1.14.14
Golang Go>=1.15<1.15.7
Microsoft Windows
Fedoraproject Fedora=33
and 2 more
CVE-2021-3114
An unspecified error with the P224() Curve implementation can generate incorrect outputs in Golang Go has an unknown impact and attack vector.
debian/golang-1.11
debian/golang-1.15
redhat/go<1.15.7
redhat/go<1.14.14
redhat/heketi<0:10.4.0-2.el7
redhat/openshift-serverless-clients<0:0.20.0-6.el8
and 20 more
CVE-2020-28362
Golang Go is vulnerable to a denial of service, caused by improper input validation by the math/big.Int methods. By sending a specially-crafted inputs, a remote attacker could exploit this vulnerabili...
redhat/openshift-serverless-clients<0:0.18.4-2.el8
redhat/kiali<0:v1.24.4.redhat2-1.el8
redhat/go-toolset<1.14-0:1.14.12-1.el7_9
redhat/go-toolset<1.14-golang-0:1.14.12-1.el7_9
redhat/cri-o<0:1.19.1-2.rhaos4.6.git2af9ecf.el8
redhat/openshift<0:4.6.0-202012190744.p0.git.94235.c62c6f7.el8
and 16 more
CVE-2020-28366
Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by a code injection flaw in go command when cgo is in use in build time. By using a specially-crafted package, a...
redhat/go<1.15.5
redhat/go<1.14.12
redhat/openshift-serverless-clients<0:0.18.4-2.el8
redhat/go-toolset<1.14-0:1.14.12-1.el7_9
redhat/go-toolset<1.14-golang-0:1.14.12-1.el7_9
Golang Go<1.14.12
and 7 more
CVE-2019-16276
Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.
Golang Go<1.12.10
Golang Go>=1.13<1.13.1
Debian Debian Linux=9.0
openSUSE Leap=15.0
openSUSE Leap=15.1
Fedoraproject Fedora=29
and 10 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203