Filtered by vendor Redhat Subscriptions
Filtered by product Jaeger Subscriptions
Total 20 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-28500 4 Lodash, Oracle, Redhat and 1 more 25 Lodash, Banking Corporate Lending Process Management, Banking Credit Facilities Process Management and 22 more 2024-09-16 5.3 Medium
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions.
CVE-2021-23337 5 Lodash, Netapp, Oracle and 2 more 29 Lodash, Active Iq Unified Manager, Cloud Manager and 26 more 2024-09-16 7.2 High
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
CVE-2019-19794 2 Miekg-dns Project, Redhat 3 Miekg-dns, Jaeger, Openstack 2024-08-05 5.9 Medium
The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.
CVE-2019-10744 5 F5, Lodash, Netapp and 2 more 26 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 23 more 2024-08-04 9.1 Critical
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
CVE-2020-28362 4 Fedoraproject, Golang, Netapp and 1 more 12 Fedora, Go, Cloud Insights Telegraf Agent and 9 more 2024-08-04 7.5 High
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.
CVE-2020-16845 5 Debian, Fedoraproject, Golang and 2 more 13 Debian Linux, Fedora, Go and 10 more 2024-08-04 7.5 High
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
CVE-2020-15586 6 Cloudfoundry, Debian, Fedoraproject and 3 more 15 Cf-deployment, Routing-release, Debian Linux and 12 more 2024-08-04 5.9 Medium
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.
CVE-2020-14040 3 Fedoraproject, Golang, Redhat 16 Fedora, Text, 3scale Amp and 13 more 2024-08-04 7.5 High
The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.
CVE-2020-13949 3 Apache, Oracle, Redhat 6 Hive, Thrift, Communications Cloud Native Core Network Slice Selection Function and 3 more 2024-08-04 7.5 High
In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.
CVE-2020-10750 2 Linuxfoundation, Redhat 2 Jaeger, Jaeger 2024-08-04 7.1 High
Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container's log file to discover the Kafka credentials.
CVE-2020-9283 3 Debian, Golang, Redhat 7 Debian Linux, Package Ssh, 3scale Amp and 4 more 2024-08-04 7.5 High
golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.
CVE-2020-8203 3 Lodash, Oracle, Redhat 24 Lodash, Banking Corporate Lending Process Management, Banking Credit Facilities Process Management and 21 more 2024-08-04 7.4 High
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
CVE-2021-34558 5 Fedoraproject, Golang, Netapp and 2 more 19 Fedora, Go, Cloud Insights Telegraf and 16 more 2024-08-04 6.5 Medium
The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.
CVE-2021-33197 2 Golang, Redhat 11 Go, Advanced Cluster Security, Container Native Virtualization and 8 more 2024-08-03 5.3 Medium
In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.
CVE-2021-33195 3 Golang, Netapp, Redhat 12 Go, Cloud Insights Telegraf Agent, Advanced Cluster Security and 9 more 2024-08-03 7.3 High
Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.
CVE-2021-33198 2 Golang, Redhat 13 Go, Advanced Cluster Security, Container Native Virtualization and 10 more 2024-08-03 7.5 High
In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.
CVE-2021-33196 3 Debian, Golang, Redhat 8 Debian Linux, Go, Devtools and 5 more 2024-08-03 7.5 High
In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.
CVE-2021-31525 3 Fedoraproject, Golang, Redhat 11 Fedora, Go, Advanced Cluster Security and 8 more 2024-08-03 5.9 Medium
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.
CVE-2021-27292 2 Redhat, Ua-parser-js Project 5 Acm, Jaeger, Logging and 2 more 2024-08-03 7.5 High
ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time.
CVE-2021-3114 5 Debian, Fedoraproject, Golang and 2 more 13 Debian Linux, Fedora, Go and 10 more 2024-08-03 6.5 Medium
In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.