Golang
217 CVEs • 13 products
Products (13)
CVEs (217)
| CVE | VENDORS | PRODUCTS | UPDATED | PUBLISHED | CVSS | DESCRIPTION |
|---|---|---|---|---|---|---|
| | Fedoraproject, Golang (2) | Fedora, Go (2) | Nov 21, 2024 | May 26, 2021 | v4: N/A · v3: 7.5 HIGH · v2: 5.0 MEDIUM | golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input. |
| | Fedoraproject, Golang (2) | Fedora, Go (2) | Nov 21, 2024 | Mar 11, 2021 | v4: N/A · v3: 5.5 MEDIUM · v2: 4.3 MEDIUM | archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename. |
| | | | | | | encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Sk... |
| | Fedoraproject, Golang, Netapp (3) | Cloud Insights Telegraf Agent, Fedora, Go, +1 more (4) | Nov 21, 2024 | Jan 26, 2021 | v4: N/A · v3: 7.5 HIGH · v2: 5.1 MEDIUM | Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc... |
| | Debian, Fedoraproject, Golang, +1 more (4) | Cloud Insights Telegraf Agent, Debian Linux, Fedora, +2 more (5) | Nov 21, 2024 | Jan 26, 2021 | v4: N/A · v3: 6.5 MEDIUM · v2: 6.4 MEDIUM | In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field. |
| | | | | | | An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue. |
| | | | | | | In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) |
| | | | | | | In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) |
| | | | | | | A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. |
| | | | | | | The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting w... |
| | | | | | | The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways d... |
| | | | | | | The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting... |
| | | | | | | Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive. |
| | Fedoraproject, Golang, Netapp (3) | Cloud Insights Telegraf Agent, Fedora, Go, +1 more (4) | Nov 21, 2024 | Nov 18, 2020 | v4: N/A · v3: 7.5 HIGH · v2: 5.1 MEDIUM | Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. |
| | Fedoraproject, Golang, Netapp (3) | Cloud Insights Telegraf Agent, Fedora, Go, +1 more (4) | Nov 21, 2024 | Nov 18, 2020 | v4: N/A · v3: 7.5 HIGH · v2: 5.0 MEDIUM | Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. |
| | Fedoraproject, Golang, Opensuse, +1 more (4) | Communications Cloud Native Core Policy, Fedora, Go, +1 more (4) | Nov 21, 2024 | Sep 2, 2020 | v4: N/A · v3: 6.1 MEDIUM · v2: 4.3 MEDIUM | Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. |
| | Debian, Fedoraproject, Golang, +1 more (4) | Debian Linux, Fedora, Go, +1 more (4) | Nov 21, 2024 | Aug 6, 2020 | v4: N/A · v3: 7.5 HIGH · v2: 5.0 MEDIUM | Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs. |
| | Cloudfoundry, Debian, Fedoraproject, +2 more (5) | Cf Deployment, Debian Linux, Fedora, +3 more (6) | Nov 21, 2024 | Jul 17, 2020 | v4: N/A · v3: 5.9 MEDIUM · v2: 4.3 MEDIUM | Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time. |
| | | | | | | In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certi... |
| | Fedoraproject, Golang (2) | Fedora, Text (2) | Nov 21, 2024 | Jun 17, 2020 | v4: N/A · v3: 7.5 HIGH · v2: 5.0 MEDIUM | The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide... |