Skip to main content

Calico Enterprise

2 CVEs product

Monthly

CVE-2023-41378 Go HIGH PATCH This Week

In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Calico Cloud Calico Enterprise Calico Os
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-28224 Go MEDIUM PATCH This Month

Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Calico Calico Enterprise
NVD
CVSS 3.1
5.5
EPSS
0.6%
EPSS 1% CVSS 7.5
HIGH PATCH This Week

In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Calico Cloud Calico Enterprise +1
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Calico Calico Enterprise
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy