Vulnerabilities > Golang

DATE CVE VULNERABILITY TITLE RISK
2021-01-11 CVE-2021-3121 Improper Validation of Array Index vulnerability in multiple products
An issue was discovered in GoGo Protobuf before 1.3.2.
network
low complexity
golang hashicorp CWE-129
8.6
8.6
2021-01-02 CVE-2020-28852 Improper Validation of Array Index vulnerability in Golang Text
In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag.
network
low complexity
golang CWE-129
5.0
5.0
2021-01-02 CVE-2020-28851 Improper Validation of Array Index vulnerability in Golang GO 1.15.4
In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension.
network
low complexity
golang CWE-129
5.0
5.0
2020-12-17 CVE-2020-29652 NULL Pointer Dereference vulnerability in Golang SSH 0.0.02020062221362375B288015Ac9/0.0.020201203163018Be400Aefbc4C
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.
network
low complexity
golang CWE-476
7.5
7.5
2020-12-14 CVE-2020-29511 The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
network
high complexity
golang netapp
5.6
5.6
2020-12-14 CVE-2020-29510 The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
network
golang netapp
6.8
6.8
2020-12-14 CVE-2020-29509 The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.
network
high complexity
golang netapp
5.6
5.6
2020-11-18 CVE-2020-28367 Code Injection vulnerability in Golang GO
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.
network
high complexity
golang CWE-94
7.5
7.5
2020-11-18 CVE-2020-28366 Code Injection vulnerability in multiple products
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.
network
high complexity
golang fedoraproject netapp CWE-94
7.5
7.5
2020-11-18 CVE-2020-28362 Improper Certificate Validation vulnerability in multiple products
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.
network
low complexity
golang fedoraproject netapp CWE-295
7.5
7.5