Vulnerabilities > Golang > GO > 1.16.15

DATE CVE VULNERABILITY TITLE RISK
2022-06-23 CVE-2022-29526 Improper Privilege Management vulnerability in multiple products
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment.
network
low complexity
golang fedoraproject netapp CWE-269
5.3
2022-04-20 CVE-2022-24675 Uncontrolled Recursion vulnerability in multiple products
encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.
network
low complexity
golang fedoraproject netapp CWE-674
7.5
2022-04-20 CVE-2022-28327 The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.
network
low complexity
golang fedoraproject
7.5
2021-08-07 CVE-2021-29923 Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation.
network
low complexity
golang oracle fedoraproject
7.5
2020-12-14 CVE-2020-29511 The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
network
high complexity
golang netapp
5.6
2020-12-14 CVE-2020-29509 The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
network
high complexity
golang netapp
5.6