Vulnerabilities > Golang > GO > 1.12.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-17 | CVE-2020-14039 | Improper Certificate Validation vulnerability in multiple products In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). | 5.3 |
2020-01-14 | CVE-2020-0601 | Improper Certificate Validation vulnerability in multiple products A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'. | 5.8 |
2019-10-24 | CVE-2019-17596 | Interpretation Conflict vulnerability in multiple products Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. | 7.5 |
2019-09-30 | CVE-2019-16276 | HTTP Request Smuggling vulnerability in multiple products Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. | 7.5 |
2019-08-13 | CVE-2019-14809 | net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. | 9.8 |