1.16.11

DATE	CVE	VULNERABILITY TITLE	RISK
2022-04-20	CVE-2022-28327	The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. network low complexity golang fedoraproject	7.5
2022-03-05	CVE-2022-24921	Uncontrolled Recursion vulnerability in multiple products regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. network low complexity golang netapp debian CWE-674	7.5
2022-02-11	CVE-2022-23772	Integer Overflow or Wraparound vulnerability in multiple products Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. network low complexity golang netapp debian CWE-190	7.5
2022-02-11	CVE-2022-23773	Interpretation Conflict vulnerability in multiple products cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. network low complexity golang netapp CWE-436	7.5
2022-02-11	CVE-2022-23806	Unchecked Return Value vulnerability in multiple products Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. network low complexity golang netapp debian CWE-252 critical	9.1
2022-01-01	CVE-2021-44716	Resource Exhaustion vulnerability in multiple products net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. network low complexity golang debian netapp CWE-400	7.5
2022-01-01	CVE-2021-44717	Improper Resource Shutdown or Release vulnerability in multiple products Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion. network high complexity golang debian CWE-404	4.8
2021-08-07	CVE-2021-29923	Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. network low complexity golang oracle fedoraproject	7.5
2020-12-14	CVE-2020-29511	The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. network high complexity golang netapp	5.6
2020-12-14	CVE-2020-29509	The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. network high complexity golang netapp	5.6