Vulnerabilities > Golang
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-11 | CVE-2021-3121 | Improper Validation of Array Index vulnerability in Golang Protobuf An issue was discovered in GoGo Protobuf before 1.3.2. | 7.5 |
2021-01-02 | CVE-2020-28852 | Improper Validation of Array Index vulnerability in Golang GO 1.15.4 In x/text in Go 1.15.4, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. | 5.0 |
2021-01-02 | CVE-2020-28851 | Improper Validation of Array Index vulnerability in Golang GO 1.15.4 In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. | 5.0 |
2020-12-17 | CVE-2020-29652 | Null Pointer Dereference vulnerability in Golang GO A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. | 5.0 |
2020-12-14 | CVE-2020-29511 | Unspecified vulnerability in Golang GO The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. network golang | 6.8 |
2020-12-14 | CVE-2020-29510 | Unspecified vulnerability in Golang GO The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. network golang | 6.8 |
2020-12-14 | CVE-2020-29509 | Unspecified vulnerability in Golang GO The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. network golang | 6.8 |
2020-11-18 | CVE-2020-28367 | Argument Injection OR Modification vulnerability in multiple products Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection. | 5.1 |
2020-11-18 | CVE-2020-28366 | Code Injection vulnerability in multiple products Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection. | 5.1 |
2020-11-18 | CVE-2020-28362 | Improper Certificate Validation vulnerability in Golang GO Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. | 5.0 |