Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
golang crypto vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-3115
Go prior to 1.14.14 and 1.15.x prior to 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).
Golang Go
Fedoraproject Fedora 33
Netapp Storagegrid -
Netapp Cloud Insights Telegraf Agent -
7.5
CVSSv3
CVE-2020-29652
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote malicious users to cause a denial of service against SSH servers.
Golang Ssh
2 Github repositories
7.5
CVSSv3
CVE-2020-28362
Go prior to 1.14.12 and 1.15.x prior to 1.15.4 allows Denial of Service.
Golang Go
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Netapp Trident -
Netapp Cloud Insights Telegraf Agent -
7.5
CVSSv3
CVE-2020-7919
Go prior to 1.12.16 and 1.13.x prior to 1.13.7 (and the crypto/cryptobyte package prior to 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.
Golang Go
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Netapp Cloud Insights Telegraf -
7.5
CVSSv3
CVE-2020-9283
golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.
Golang Package Ssh 0.0.0-20200220183623-bac4c82f6975
Debian Debian Linux 9.0
1 EDB exploit
3 Github repositories
7.5
CVSSv3
CVE-2019-17596
Go prior to 1.12.11 and 1.3.x prior to 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.
Golang Go
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Redhat Enterprise Linux 8.0
Redhat Developer Tools 1.0
Redhat Enterprise Linux Server 8.1
Opensuse Leap 15.0
Opensuse Leap 15.1
Arista Mos
Arista Eos
Arista Cloudvision Portal 2019.1.2
Arista Cloudvision Portal 2019.1.1
Arista Cloudvision Portal 2019.1.0
Arista Cloudvision Portal
Arista Terminattr
1 Github repository
7.5
CVSSv3
CVE-2018-16875
The crypto/x509 package of Go prior to 1.10.6 and 1.11.x prior to 1.11.3 does not limit the amount of work performed for each chain verification, which might allow malicious users to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client cer...
Golang Go
Opensuse Leap 42.3
1 Github repository
7.3
CVSSv3
CVE-2023-24539
Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if exe...
Golang Go
1 Github repository
7.3
CVSSv3
CVE-2023-29400
Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.
Golang Go
1 Github repository
7.3
CVSSv3
CVE-2021-33195
Go prior to 1.15.13 and 1.16.x prior to 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.
Golang Go
Netapp Cloud Insights Telegraf Agent -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-6280
CVE-2024-5346
CVE-2024-30078
CVE-2022-45803
CVE-2024-36886
SQL
CVE-2024-24553
IMAP
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »