Vulnerabilities > Golang

DATE CVE VULNERABILITY TITLE RISK
2021-01-11 CVE-2021-3121 Improper Validation of Array Index vulnerability in Golang Protobuf
An issue was discovered in GoGo Protobuf before 1.3.2.
network
low complexity
golang CWE-129
7.5
2021-01-02 CVE-2020-28852 Improper Validation of Array Index vulnerability in Golang GO 1.15.4
In x/text in Go 1.15.4, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag.
network
low complexity
golang CWE-129
5.0
2021-01-02 CVE-2020-28851 Improper Validation of Array Index vulnerability in Golang GO 1.15.4
In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension.
network
low complexity
golang CWE-129
5.0
2020-12-17 CVE-2020-29652 Null Pointer Dereference vulnerability in Golang GO
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.
network
low complexity
golang CWE-476
5.0
2020-12-14 CVE-2020-29511 Unspecified vulnerability in Golang GO
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
network
golang
6.8
2020-12-14 CVE-2020-29510 Unspecified vulnerability in Golang GO
The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
network
golang
6.8
2020-12-14 CVE-2020-29509 Unspecified vulnerability in Golang GO
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
network
golang
6.8
2020-11-18 CVE-2020-28367 Argument Injection OR Modification vulnerability in multiple products
Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection.
network
high complexity
golang debian fedoraproject CWE-88
5.1
2020-11-18 CVE-2020-28366 Code Injection vulnerability in multiple products
Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection.
network
high complexity
golang fedoraproject CWE-94
5.1
2020-11-18 CVE-2020-28362 Improper Certificate Validation vulnerability in Golang GO
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.
network
low complexity
golang CWE-295
5.0