Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
golang go vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2017-8932
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go prior to 1.7.6 and 1.8.x prior to 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar i...
Golang Go 1.8
Golang Go 1.8.1
Golang Go
Fedoraproject Fedora 25
Novell Suse Package Hub For Suse Linux Enterprise 12
Opensuse Leap 42.2
1 Github repository
4.3
CVSSv2
CVE-2014-7189
crpyto/tls in Go 1.1 prior to 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle malicious users to spoof clients via unspecified vectors.
Golang Go 1.2.1
Golang Go 1.3
Golang Go 1.2
Golang Go 1.2.2
Golang Go 1.1
Golang Go 1.1.1
Golang Go 1.1.2
Golang Go 1.3.1
4
CVSSv2
CVE-2021-41087
in-toto-golang is a go implementation of the in-toto framework to protect software supply chain integrity. In affected versions authenticated attackers posing as functionaries (i.e., within a trusted set of users for a layout) are able to create attestations that may bypass DISAL...
In-toto In-toto-golang
4
CVSSv2
CVE-2021-23351
The package github.com/pires/go-proxyproto prior to 0.5.0 are vulnerable to Denial of Service (DoS) via the parseVersion1() function. The reader in this package is a default bufio.Reader wrapping a net.Conn. It will read from the connection until it finds a newline. Since no limi...
Go-proxyproto Project Go-proxyproto
Fedoraproject Fedora 33
Fedoraproject Fedora 34
4
CVSSv2
CVE-2020-26264
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.25 a denial-of-service vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client. This vulnerability only con...
Ethereum Go Ethereum
3.5
CVSSv2
CVE-2021-41173
Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.9, a vulnerable node is susceptible to crash when processing a maliciously crafted message from a peer. Version v1.10.9 contains patches to the vulnerability. There are no known work...
Ethereum Go Ethereum
3.5
CVSSv2
CVE-2021-21432
Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. An authentication mechanism added in version 0.7.0 enables some malicious user to obtain secrets utilizing the injected credentials within the `~/.netrc` file. Refer to the refe...
Go-vela Vela
3.5
CVSSv2
CVE-2020-26265
Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth from version 1.9.4 and before version 1.9.20 a consensus-vulnerability could cause a chain split, where vulnerable versions refuse to accept the canonical chain. The fix was ...
Ethereum Go Ethereum
2.6
CVSSv2
CVE-2021-34558
The crypto/tls package of Go up to and including 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.
Golang Go
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Netapp Storagegrid -
Netapp Trident -
Netapp Cloud Insights Telegraf -
Oracle Timesten In-memory Database
1 Github repository
2.6
CVSSv2
CVE-2021-31525
net/http in Go prior to 1.15.12 and 1.16.x prior to 1.16.4 allows remote malicious users to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations.
Golang Go
Fedoraproject Fedora 34
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »