Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
golang go vulnerabilities and exploits
(subscribe to this query)
8.6
CVSSv3
CVE-2022-30321
go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws. Fixed in 1.6.1 and 2.1.0.
Hashicorp Go-getter 2.0.2
Hashicorp Go-getter
8.6
CVSSv3
CVE-2022-30322
go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. Fixed in 1.6.1 and 2.1.0.
Hashicorp Go-getter 2.0.2
Hashicorp Go-getter
8.6
CVSSv3
CVE-2022-30323
go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Fixed in 1.6.1 and 2.1.0.
Hashicorp Go-getter 2.0.2
Hashicorp Go-getter
8.2
CVSSv3
CVE-2019-6486
Go prior to 1.10.8 and 1.11.x prior to 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows malicious users to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.
Golang Go
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Opensuse Leap 15.0
8.1
CVSSv3
CVE-2023-39323
Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build"...
Golang Go
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
8.1
CVSSv3
CVE-2020-26279
go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0-rc1, it is possible for path traversal to occur with DAGs containing relative paths during retrieval. This can cause files to be overwrit...
Protocol Go-ipfs
8.1
CVSSv3
CVE-2020-0601
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file wa...
Microsoft Windows 10 1607
Microsoft Windows Server 2016 -
Microsoft Windows 10 -
Microsoft Windows 10 1709
Microsoft Windows 10 1803
Microsoft Windows Server 2016 1803
Microsoft Windows Server 2019 -
Microsoft Windows 10 1809
Microsoft Windows Server 2016 1903
Microsoft Windows 10 1903
Microsoft Windows 10 1909
Microsoft Windows Server 2016 1909
Golang Go
70 Github repositories
5 Articles
8.1
CVSSv3
CVE-2018-16873
In Go prior to 1.10.6 and 1.11.x prior to 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vuln...
Golang Go
Opensuse Leap 42.3
Opensuse Leap 15.0
Opensuse Leap 15.1
Suse Linux Enterprise Server 12
Opensuse Backports Sle 15.0
Debian Debian Linux 9.0
1 Github repository
8.1
CVSSv3
CVE-2018-16874
In Go prior to 1.10.6 and 1.11.x prior to 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is on...
Golang Go
Opensuse Leap 42.3
Opensuse Leap 15.0
Opensuse Leap 15.1
Suse Linux Enterprise Server 12
Opensuse Backports Sle 15.0
Debian Debian Linux 9.0
8.1
CVSSv3
CVE-2017-14623
In the ldap.v2 (aka go-ldap) package up to and including 2.5.0 for Go, an attacker may be able to login with an empty password. This issue affects an application using this package if these conditions are met: (1) it relies only on the return error of the Bind function call to de...
Go-ldap Project Ldap
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »