Golang

All CVEs

105 total · sorted by risk
  • CVE-2019-9741 · Mar 13, 2019
    risk 0.00 · cvss · epss 0.02

    An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command.

  • CVE-2019-9634 · Mar 8, 2019
    risk 0.00 · cvss · epss 0.03

    Go through 1.12 on Windows misuses certain LoadLibrary functionality, leading to DLL injection.

  • CVE-2019-6486 · Jan 24, 2019
    risk 0.00 · cvss · epss 0.04

    Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.

  • CVE-2018-12976 · Critical · Jul 5, 2018
    risk 0.00 · cvss 9.8 · epss 0.04

    In Go Doc Dot Org (gddo) through 2018-06-27, an attacker could use specially crafted tags in packages being fetched by gddo to cause a directory traversal and remote code execution.

  • CVE-2014-7189 · Oct 7, 2014
    risk 0.00 · cvss · epss 0.01

    crypto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors.
