Vulnerabilities > Golang > High

DATE CVE VULNERABILITY TITLE RISK
2020-12-17 CVE-2020-29652 NULL Pointer Dereference vulnerability in Golang SSH 0.0.02020062221362375B288015Ac9/0.0.020201203163018Be400Aefbc4C
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.
network
low complexity
golang CWE-476
7.5
7.5
2020-11-18 CVE-2020-28367 Code Injection vulnerability in Golang GO
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.
network
high complexity
golang CWE-94
7.5
7.5
2020-11-18 CVE-2020-28366 Code Injection vulnerability in multiple products
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.
network
high complexity
golang fedoraproject netapp CWE-94
7.5
7.5
2020-11-18 CVE-2020-28362 Improper Certificate Validation vulnerability in multiple products
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.
network
low complexity
golang fedoraproject netapp CWE-295
7.5
7.5
2020-08-06 CVE-2020-16845 Infinite Loop vulnerability in multiple products
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
network
low complexity
golang opensuse debian fedoraproject CWE-835
7.5
7.5
2020-06-17 CVE-2020-14040 Infinite Loop vulnerability in multiple products
The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory.
network
low complexity
golang fedoraproject CWE-835
7.5
7.5
2020-03-16 CVE-2020-7919 Improper Certificate Validation vulnerability in multiple products
Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.
network
low complexity
golang debian fedoraproject netapp CWE-295
7.5
7.5
2020-02-20 CVE-2020-9283 Improper Verification of Cryptographic Signature vulnerability in multiple products
golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package.
network
low complexity
golang debian CWE-347
7.5
7.5
2020-01-14 CVE-2020-0601 Improper Certificate Validation vulnerability in multiple products
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
network
low complexity
microsoft golang CWE-295
8.1
8.1
2019-10-24 CVE-2019-17596 Interpretation Conflict vulnerability in multiple products
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. 		7.5
7.5