UBUNTU-CVE-2016-5386

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect a CGI...

CVE-2016-3958

Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x before 1.6.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function...

UBUNTU-CVE-2016-3959

The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service infinite loop via a crafted public key to a program that uses HTTPS client...

Google Golang Go HTTP Header Injection Vulnerability

Google Golang Go is a programming language optimized for programming applications on multiprocessor systems by Google. An HTTP header injection vulnerability exists in Google Golang Go. An attacker can exploit this vulnerability to inject arbitrary HTTP headers into the server response, bypass...

CVE-2014-7189

crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors...