Vendor CVEs
Golang
All CVEs
105 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-9741 |  |  | 0.00 | — | 0.02 |  | Mar 13, 2019 | An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command. |
| CVE-2019-9634 |  |  | 0.00 | — | 0.03 |  | Mar 8, 2019 | Go through 1.12 on Windows misuses certain LoadLibrary functionality, leading to DLL injection. |
| CVE-2019-6486 |  |  | 0.00 | — | 0.04 |  | Jan 24, 2019 | Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks. |
| CVE-2018-12976 |  | Cri | 0.00 | 9.8 | 0.04 |  | Jul 5, 2018 | In Go Doc Dot Org (gddo) through 2018-06-27, an attacker could use specially crafted tags in packages being fetched by gddo to cause a directory traversal and remote code execution. |
| CVE-2014-7189 |  |  | 0.00 | — | 0.01 |  | Oct 7, 2014 | crypto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors. |