Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
golang go vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2022-24675
encoding/pem in Go prior to 1.17.9 and 1.18.x prior to 1.18.1 has a Decode stack overflow via a large amount of PEM data.
Golang Go
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Netapp Kubernetes Monitoring Operator -
1 Github repository
446
VMScore
CVE-2020-28362
Go prior to 1.14.12 and 1.15.x prior to 1.15.4 allows Denial of Service.
Golang Go
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Netapp Trident -
Netapp Cloud Insights Telegraf Agent -
455
VMScore
CVE-2020-28366
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.
Golang Go
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Netapp Trident -
Netapp Cloud Insights Telegraf Agent -
446
VMScore
CVE-2022-23773
cmd/go in Go prior to 1.16.14 and 1.17.x prior to 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.
Golang Go
Netapp Storagegrid -
Netapp Cloud Insights Telegraf Agent -
Netapp Kubernetes Monitoring Operator -
Netapp Beegfs Csi Driver -
4 Github repositories
384
VMScore
CVE-2020-24553
Go prior to 1.14.8 and 1.15.x prior to 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.
Golang Go
Fedoraproject Fedora 33
Opensuse Leap 15.1
Opensuse Leap 15.2
Oracle Communications Cloud Native Core Policy 1.5.0
570
VMScore
CVE-2021-3114
In Go prior to 1.14.14 and 1.15.x prior to 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.
Golang Go
Fedoraproject Fedora 33
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Netapp Storagegrid -
Netapp Cloud Insights Telegraf Agent -
1 Github repository
445
VMScore
CVE-2021-23409
The package github.com/pires/go-proxyproto prior to 0.6.0 are vulnerable to Denial of Service (DoS) via creating connections without the proxy protocol header.
Go-proxyproto Project Go-proxyproto
231
VMScore
CVE-2021-34558
The crypto/tls package of Go up to and including 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.
Golang Go
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Netapp Storagegrid -
Netapp Trident -
Netapp Cloud Insights Telegraf -
Oracle Timesten In-memory Database
1 Github repository
696
VMScore
CVE-2022-23772
Rat.SetString in math/big in Go prior to 1.16.14 and 1.17.x prior to 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.
Golang Go
Netapp Storagegrid -
Netapp Cloud Insights Telegraf Agent -
Netapp Kubernetes Monitoring Operator -
Netapp Beegfs Csi Driver -
Debian Debian Linux 9.0
5 Github repositories
571
VMScore
CVE-2022-23806
Curve.IsOnCurve in crypto/elliptic in Go prior to 1.16.14 and 1.17.x prior to 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
Golang Go
Netapp Storagegrid -
Netapp Cloud Insights Telegraf Agent -
Netapp Kubernetes Monitoring Operator -
Netapp Beegfs Csi Driver -
Debian Debian Linux 9.0
3 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »