Filtered by vendor Golang
Subscriptions
Total
150 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7919 | 4 Debian, Fedoraproject, Golang and 1 more | 4 Debian Linux, Fedora, Go and 1 more | 2024-11-21 | 7.5 High |
| Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate. | ||||
| CVE-2020-29652 | 2 Golang, Redhat | 4 Ssh, Container Native Virtualization, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. | ||||
| CVE-2020-29511 | 2 Golang, Netapp | 2 Go, Trident | 2024-11-21 | 9.8 Critical |
| The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. | ||||
| CVE-2020-29510 | 2 Golang, Netapp | 2 Go, Trident | 2024-11-21 | 9.8 Critical |
| The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. | ||||
| CVE-2020-29509 | 2 Golang, Netapp | 2 Go, Trident | 2024-11-21 | 9.8 Critical |
| The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. | ||||
| CVE-2020-28852 | 2 Golang, Redhat | 5 Text, Acm, Enterprise Linux and 2 more | 2024-11-21 | 7.5 High |
| In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) | ||||
| CVE-2020-28851 | 2 Golang, Redhat | 5 Go, Acm, Enterprise Linux and 2 more | 2024-11-21 | 7.5 High |
| In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) | ||||
| CVE-2020-28367 | 2 Golang, Redhat | 4 Go, Devtools, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive. | ||||
| CVE-2020-28366 | 4 Fedoraproject, Golang, Netapp and 1 more | 7 Fedora, Go, Cloud Insights Telegraf Agent and 4 more | 2024-11-21 | 7.5 High |
| Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. | ||||
| CVE-2020-28362 | 4 Fedoraproject, Golang, Netapp and 1 more | 12 Fedora, Go, Cloud Insights Telegraf Agent and 9 more | 2024-11-21 | 7.5 High |
| Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. | ||||
| CVE-2020-24553 | 5 Fedoraproject, Golang, Opensuse and 2 more | 6 Fedora, Go, Leap and 3 more | 2024-11-21 | 6.1 Medium |
| Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. | ||||
| CVE-2020-16845 | 5 Debian, Fedoraproject, Golang and 2 more | 13 Debian Linux, Fedora, Go and 10 more | 2024-11-21 | 7.5 High |
| Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs. | ||||
| CVE-2020-15586 | 6 Cloudfoundry, Debian, Fedoraproject and 3 more | 15 Cf-deployment, Routing-release, Debian Linux and 12 more | 2024-11-21 | 5.9 Medium |
| Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time. | ||||
| CVE-2020-14040 | 3 Fedoraproject, Golang, Redhat | 16 Fedora, Text, 3scale Amp and 13 more | 2024-11-21 | 7.5 High |
| The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String. | ||||
| CVE-2020-14039 | 2 Golang, Opensuse | 2 Go, Leap | 2024-11-21 | 5.3 Medium |
| In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete. | ||||
| CVE-2019-9741 | 4 Debian, Fedoraproject, Golang and 1 more | 6 Debian Linux, Fedora, Go and 3 more | 2024-11-21 | 6.1 Medium |
| An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command. | ||||
| CVE-2019-9634 | 2 Golang, Microsoft | 2 Go, Windows | 2024-11-21 | 7.8 High |
| Go through 1.12 on Windows misuses certain LoadLibrary functionality, leading to DLL injection. | ||||
| CVE-2019-6486 | 3 Debian, Golang, Opensuse | 3 Debian Linux, Go, Leap | 2024-11-21 | N/A |
| Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks. | ||||
| CVE-2019-17596 | 6 Arista, Debian, Fedoraproject and 3 more | 13 Cloudvision Portal, Eos, Mos and 10 more | 2024-11-21 | 7.5 High |
| Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates. | ||||
| CVE-2019-16276 | 6 Debian, Fedoraproject, Golang and 3 more | 11 Debian Linux, Fedora, Go and 8 more | 2024-11-21 | 7.5 High |
| Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. | ||||