Vulnerabilities > Golang > GO > 1.16.12
| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2022-06-23 | CVE-2022-29526 | Improper Privilege Management vulnerability in multiple products | Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. | network | low | golang, fedoraproject, netapp | CWE-269 | 5.3 |
| 2022-04-20 | CVE-2022-24675 | Uncontrolled Recursion vulnerability in multiple products | encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. | network | low | golang, fedoraproject, netapp | CWE-674 | 7.5 |
| 2022-04-20 | CVE-2022-28327 | | The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. | network | low | golang, fedoraproject | | 7.5 |
| 2022-03-05 | CVE-2022-24921 | Uncontrolled Recursion vulnerability in multiple products | regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. | network | low | golang, netapp, debian | CWE-674 | 7.5 |
| 2022-02-11 | CVE-2022-23772 | Integer Overflow or Wraparound vulnerability in multiple products | Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. | network | low | golang, netapp, debian | CWE-190 | 7.5 |
| 2022-02-11 | CVE-2022-23773 | Interpretation Conflict vulnerability in multiple products | cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. | network | low | golang, netapp | CWE-436 | 7.5 |
| 2022-02-11 | CVE-2022-23806 | Unchecked Return Value vulnerability in multiple products | Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. | network | low | golang, netapp, debian | CWE-252 | 9.1 (critical) |
| 2021-08-07 | CVE-2021-29923 | | Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. | network | low | golang, oracle, fedoraproject | | 7.5 |
| 2020-12-14 | CVE-2020-29511 | | The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. | network | high | golang, netapp | | 5.6 |
| 2020-12-14 | CVE-2020-29509 | | The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. | network | high | golang, netapp | | 5.6 |