Cloud Insights Telegraf Agent

cloud_insights_telegraf_agent

Vendor: Netapp • 10 CVEs

CVEs (10)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-30634 2Golang Netapp 2Cloud Insights Telegraf Agent Go Nov 21, 2024 Jul 15, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.
CVE-2022-23806 3Debian GolangNetapp 6Beegfs Csi Driver Cloud Insights Telegraf AgentDebian Linux+3 more Nov 21, 2024 Feb 11, 2022 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
CVE-2022-23773 2Golang Netapp 5Beegfs Csi Driver Cloud Insights Telegraf AgentGo+2 more Nov 21, 2024 Feb 11, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches b...Show more cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.Show less
CVE-2022-23772 3Debian GolangNetapp 6Beegfs Csi Driver Cloud Insights Telegraf AgentDebian Linux+3 more Nov 21, 2024 Feb 11, 2022 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.
CVE-2021-33195 2Golang Netapp 2Cloud Insights Telegraf Agent Go Nov 21, 2024 Aug 2, 2021 N/A· v4 7.3 HIGH· v3 7.5 HIGH· v2 Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC...Show more Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.Show less
CVE-2021-3115 3Fedoraproject GolangNetapp 4Cloud Insights Telegraf Agent FedoraGo+1 more Nov 21, 2024 Jan 26, 2021 N/A· v4 7.5 HIGH· v3 5.1 MEDIUM· v2 Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc...Show more Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).Show less
CVE-2021-3114 4Debian FedoraprojectGolang+1 more 5Cloud Insights Telegraf Agent Debian LinuxFedora+2 more Nov 21, 2024 Jan 26, 2021 N/A· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.
CVE-2020-28366 3Fedoraproject GolangNetapp 4Cloud Insights Telegraf Agent FedoraGo+1 more Nov 21, 2024 Nov 18, 2020 N/A· v4 7.5 HIGH· v3 5.1 MEDIUM· v2 Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.
CVE-2020-28362 3Fedoraproject GolangNetapp 4Cloud Insights Telegraf Agent FedoraGo+1 more Nov 21, 2024 Nov 18, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.
CVE-2019-16276 6Debian FedoraprojectGolang+3 more 9Cloud Insights Telegraf Agent Debian LinuxDeveloper Tools+6 more Nov 21, 2024 Sep 30, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.