Vulnerabilities > Golang > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-18 | CVE-2023-48795 | Improper Validation of Integrity Check Value vulnerability in multiple products The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. network high complexity openbsd putty filezilla-project microsoft panic roumenpetrov winscp bitvise lancom-systems vandyke libssh net-ssh ssh2-project proftpd freebsd crates tera-term-project oryx-embedded crushftp netsarang paramiko redhat golang russh-project sftpgo-project erlang matez libssh2 asyncssh-project dropbear-ssh-project jadaptive ssh thorntech netgate connectbot apache tinyssh trilead 9bis gentoo fedoraproject debian apple CWE-354 | 5.9 |
| 2023-12-06 | CVE-2023-39326 | Unspecified vulnerability in Golang GO A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. | 5.3 |
| 2023-11-09 | CVE-2023-45284 | Unspecified vulnerability in Golang GO On Windows, The IsLocal function does not correctly detect reserved device names in some cases. | 5.3 |
| 2023-09-08 | CVE-2023-39318 | Cross-site Scripting vulnerability in Golang GO The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. | 6.1 |
| 2023-09-08 | CVE-2023-39319 | Cross-site Scripting vulnerability in Golang GO The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. | 6.1 |
| 2023-08-02 | CVE-2023-29407 | Excessive Iteration vulnerability in multiple products A maliciously-crafted image can cause excessive CPU consumption in decoding. | 6.5 |
| 2023-08-02 | CVE-2023-29408 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products The TIFF decoder does not place a limit on the size of compressed tile data. | 6.5 |
| 2023-08-02 | CVE-2023-29409 | Resource Exhaustion vulnerability in Golang GO Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. | 5.3 |
| 2023-08-02 | CVE-2023-3978 | Cross-site Scripting vulnerability in Golang Networking Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. | 6.1 |
| 2023-07-11 | CVE-2023-29406 | Interpretation Conflict vulnerability in Golang GO The HTTP/1 client does not fully validate the contents of the Host header. | 6.5 |