Trident

This hub aggregates every CVE we track for Trident, a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 12 most recently published vulnerabilities affecting Trident.

• CVE-2021-25742Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces7.6Oct 29, 2021
• CVE-2021-34558The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a ma...6.5Jul 15, 2021
• CVE-2020-29509The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs tha...9.8Dec 14, 2020
• CVE-2020-29511The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that ...9.8Dec 14, 2020
• CVE-2020-29510The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behav...9.8Dec 14, 2020
• CVE-2020-28362Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.7.5Nov 18, 2020
• CVE-2020-28366Arbitrary code execution in go command with cgo in cmd/go and cmd/cgo7.5Nov 18, 2020
• CVE-2019-9514Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service7.5Aug 13, 2019
• CVE-2019-11244kubectl creates world-writeable cached schema files5.0Apr 22, 2019
• CVE-2019-11243In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certi...8.1Apr 22, 2019
• CVE-2018-1002105In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to est...9.8Dec 5, 2018
• CVE-2018-1000133Pitchfork version 1.4.6 RC1 contains an Improper Privilege Management vulnerability in Trident Pitchfork components that can result in A standard unprivileged user could gain system administrator p...7.5Mar 16, 2018