Filtered by vendor Redhat
Subscriptions
Filtered by product Jaeger
Subscriptions
Total
20 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-28500 | 4 Lodash, Oracle, Redhat and 1 more | 25 Lodash, Banking Corporate Lending Process Management, Banking Credit Facilities Process Management and 22 more | 2024-09-16 | 5.3 Medium |
Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. | ||||
CVE-2021-23337 | 5 Lodash, Netapp, Oracle and 2 more | 29 Lodash, Active Iq Unified Manager, Cloud Manager and 26 more | 2024-09-16 | 7.2 High |
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. | ||||
CVE-2019-19794 | 2 Miekg-dns Project, Redhat | 3 Miekg-dns, Jaeger, Openstack | 2024-08-05 | 5.9 Medium |
The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries. | ||||
CVE-2019-10744 | 5 F5, Lodash, Netapp and 2 more | 26 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 23 more | 2024-08-04 | 9.1 Critical |
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload. | ||||
CVE-2020-28362 | 4 Fedoraproject, Golang, Netapp and 1 more | 12 Fedora, Go, Cloud Insights Telegraf Agent and 9 more | 2024-08-04 | 7.5 High |
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. | ||||
CVE-2020-16845 | 5 Debian, Fedoraproject, Golang and 2 more | 13 Debian Linux, Fedora, Go and 10 more | 2024-08-04 | 7.5 High |
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs. | ||||
CVE-2020-15586 | 6 Cloudfoundry, Debian, Fedoraproject and 3 more | 15 Cf-deployment, Routing-release, Debian Linux and 12 more | 2024-08-04 | 5.9 Medium |
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time. | ||||
CVE-2020-14040 | 3 Fedoraproject, Golang, Redhat | 16 Fedora, Text, 3scale Amp and 13 more | 2024-08-04 | 7.5 High |
The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String. | ||||
CVE-2020-13949 | 3 Apache, Oracle, Redhat | 6 Hive, Thrift, Communications Cloud Native Core Network Slice Selection Function and 3 more | 2024-08-04 | 7.5 High |
In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. | ||||
CVE-2020-10750 | 2 Linuxfoundation, Redhat | 2 Jaeger, Jaeger | 2024-08-04 | 7.1 High |
Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container's log file to discover the Kafka credentials. | ||||
CVE-2020-9283 | 3 Debian, Golang, Redhat | 7 Debian Linux, Package Ssh, 3scale Amp and 4 more | 2024-08-04 | 7.5 High |
golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client. | ||||
CVE-2020-8203 | 3 Lodash, Oracle, Redhat | 24 Lodash, Banking Corporate Lending Process Management, Banking Credit Facilities Process Management and 21 more | 2024-08-04 | 7.4 High |
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. | ||||
CVE-2021-34558 | 5 Fedoraproject, Golang, Netapp and 2 more | 19 Fedora, Go, Cloud Insights Telegraf and 16 more | 2024-08-04 | 6.5 Medium |
The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic. | ||||
CVE-2021-33197 | 2 Golang, Redhat | 11 Go, Advanced Cluster Security, Container Native Virtualization and 8 more | 2024-08-03 | 5.3 Medium |
In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers. | ||||
CVE-2021-33195 | 3 Golang, Netapp, Redhat | 12 Go, Cloud Insights Telegraf Agent, Advanced Cluster Security and 9 more | 2024-08-03 | 7.3 High |
Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format. | ||||
CVE-2021-33198 | 2 Golang, Redhat | 13 Go, Advanced Cluster Security, Container Native Virtualization and 10 more | 2024-08-03 | 7.5 High |
In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method. | ||||
CVE-2021-33196 | 3 Debian, Golang, Redhat | 8 Debian Linux, Go, Devtools and 5 more | 2024-08-03 | 7.5 High |
In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic. | ||||
CVE-2021-31525 | 3 Fedoraproject, Golang, Redhat | 11 Fedora, Go, Advanced Cluster Security and 8 more | 2024-08-03 | 5.9 Medium |
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations. | ||||
CVE-2021-27292 | 2 Redhat, Ua-parser-js Project | 5 Acm, Jaeger, Logging and 2 more | 2024-08-03 | 7.5 High |
ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time. | ||||
CVE-2021-3114 | 5 Debian, Fedoraproject, Golang and 2 more | 13 Debian Linux, Fedora, Go and 10 more | 2024-08-03 | 6.5 Medium |
In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field. |
Page 1 of 1.