Lucene search

Trident Security Vulnerabilities - 2020

cve

CVE-2020-28362

Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.

7.5CVSS

7.5AI Score

0.005EPSS

2020-11-18 05:15 PM

374

cve

CVE-2020-28366

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.

7.5CVSS

8AI Score

0.009EPSS

2020-11-18 05:15 PM

205

cve

CVE-2020-29509

The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications...

9.8CVSS

6.1AI Score

0.001EPSS

2020-12-14 08:15 PM

206

cve

CVE-2020-29510

The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.

9.8CVSS

6.1AI Score

0.001EPSS

2020-12-14 08:15 PM

cve

CVE-2020-29511

The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.

9.8CVSS

6.1AI Score

0.001EPSS

2020-12-14 08:15 PM

192