Filtered by vendor Golang
Subscribe
Total
145 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-34558 | 4 Fedoraproject, Golang, Netapp and 1 more | 6 Fedora, Go, Cloud Insights Telegraf and 3 more | 2023-12-10 | 2.6 LOW | 6.5 MEDIUM |
The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic. | |||||
CVE-2021-33194 | 2 Fedoraproject, Golang | 2 Fedora, Go | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input. | |||||
CVE-2021-33196 | 2 Debian, Golang | 2 Debian Linux, Go | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic. | |||||
CVE-2021-33197 | 1 Golang | 1 Go | 2023-12-10 | 4.3 MEDIUM | 5.3 MEDIUM |
In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers. | |||||
CVE-2012-2666 | 1 Golang | 1 Go | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script. | |||||
CVE-2021-31525 | 2 Fedoraproject, Golang | 2 Fedora, Go | 2023-12-10 | 2.6 LOW | 5.9 MEDIUM |
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations. | |||||
CVE-2021-36221 | 5 Debian, Fedoraproject, Golang and 2 more | 6 Debian Linux, Fedora, Go and 3 more | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. | |||||
CVE-2021-29923 | 3 Fedoraproject, Golang, Oracle | 3 Fedora, Go, Timesten In-memory Database | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR. | |||||
CVE-2021-33198 | 1 Golang | 1 Go | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method. | |||||
CVE-2021-27918 | 1 Golang | 1 Go | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method. | |||||
CVE-2020-28851 | 1 Golang | 1 Go | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) | |||||
CVE-2020-28362 | 3 Fedoraproject, Golang, Netapp | 4 Fedora, Go, Cloud Insights Telegraf Agent and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. | |||||
CVE-2020-28366 | 3 Fedoraproject, Golang, Netapp | 4 Fedora, Go, Cloud Insights Telegraf Agent and 1 more | 2023-12-10 | 5.1 MEDIUM | 7.5 HIGH |
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. | |||||
CVE-2021-3114 | 4 Debian, Fedoraproject, Golang and 1 more | 5 Debian Linux, Fedora, Go and 2 more | 2023-12-10 | 6.4 MEDIUM | 6.5 MEDIUM |
In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field. | |||||
CVE-2021-27919 | 2 Fedoraproject, Golang | 2 Fedora, Go | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename. | |||||
CVE-2020-29510 | 2 Golang, Netapp | 2 Go, Trident | 2023-12-10 | 6.8 MEDIUM | 5.6 MEDIUM |
The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. | |||||
CVE-2020-29511 | 2 Golang, Netapp | 2 Go, Trident | 2023-12-10 | 6.8 MEDIUM | 5.6 MEDIUM |
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. | |||||
CVE-2020-29509 | 2 Golang, Netapp | 2 Go, Trident | 2023-12-10 | 6.8 MEDIUM | 5.6 MEDIUM |
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. | |||||
CVE-2021-3115 | 4 Fedoraproject, Golang, Microsoft and 1 more | 5 Fedora, Go, Windows and 2 more | 2023-12-10 | 5.1 MEDIUM | 7.5 HIGH |
Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download). | |||||
CVE-2020-28367 | 1 Golang | 1 Go | 2023-12-10 | 5.1 MEDIUM | 7.5 HIGH |
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive. |