1.16.15

DATE	CVE	VULNERABILITY TITLE	RISK
2022-06-23	CVE-2022-29526	Improper Privilege Management vulnerability in multiple products Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. network low complexity golang fedoraproject netapp CWE-269	5.3
2022-04-20	CVE-2022-24675	Uncontrolled Recursion vulnerability in multiple products encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. network low complexity golang fedoraproject netapp CWE-674	7.5
2022-04-20	CVE-2022-28327	The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. network low complexity golang fedoraproject	7.5
2021-08-07	CVE-2021-29923	Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. network low complexity golang oracle fedoraproject	7.5
2020-12-14	CVE-2020-29511	The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. network high complexity golang netapp	5.6
2020-12-14	CVE-2020-29509	The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. network high complexity golang netapp	5.6