Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
golang go vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2019-9634
Go up to and including 1.12 on Windows misuses certain LoadLibrary functionality, leading to DLL injection.
Golang Go
605
VMScore
CVE-2018-16873
In Go prior to 1.10.6 and 1.11.x prior to 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vuln...
Golang Go
Opensuse Leap 42.3
Opensuse Leap 15.0
Opensuse Leap 15.1
Suse Linux Enterprise Server 12
Opensuse Backports Sle 15.0
Debian Debian Linux 9.0
1 Github repository
605
VMScore
CVE-2018-16874
In Go prior to 1.10.6 and 1.11.x prior to 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is on...
Golang Go
Opensuse Leap 42.3
Opensuse Leap 15.0
Opensuse Leap 15.1
Suse Linux Enterprise Server 12
Opensuse Backports Sle 15.0
Debian Debian Linux 9.0
605
VMScore
CVE-2017-3204
The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism.
Golang Crypto
1 Github repository
578
VMScore
CVE-2020-26283
go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0, control characters are not escaped from console output. This can result in hiding input from the user which could result in the user tak...
Protocol Go-ipfs
571
VMScore
CVE-2022-23806
Curve.IsOnCurve in crypto/elliptic in Go prior to 1.16.14 and 1.17.x prior to 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
Golang Go
Netapp Storagegrid -
Netapp Cloud Insights Telegraf Agent -
Netapp Kubernetes Monitoring Operator -
Netapp Beegfs Csi Driver -
Debian Debian Linux 9.0
3 Github repositories
570
VMScore
CVE-2022-1996
Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.
Go-restful Project Go-restful
Fedoraproject Fedora 35
Fedoraproject Fedora 36
1 Github repository
570
VMScore
CVE-2021-3114
In Go prior to 1.14.14 and 1.15.x prior to 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.
Golang Go
Fedoraproject Fedora 33
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Netapp Storagegrid -
Netapp Cloud Insights Telegraf Agent -
1 Github repository
570
VMScore
CVE-2019-6486
Go prior to 1.10.8 and 1.11.x prior to 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows malicious users to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.
Golang Go
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Opensuse Leap 15.0
537
VMScore
CVE-2020-0601
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file wa...
Microsoft Windows 10 1607
Microsoft Windows Server 2016 -
Microsoft Windows 10 -
Microsoft Windows 10 1709
Microsoft Windows 10 1803
Microsoft Windows Server 2016 1803
Microsoft Windows Server 2019 -
Microsoft Windows 10 1809
Microsoft Windows Server 2016 1903
Microsoft Windows 10 1903
Microsoft Windows 10 1909
Microsoft Windows Server 2016 1909
Golang Go
71 Github repositories
5 Articles
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »