Lucene search
K
NetappCloud Insights Telegraf Agent

10 matches found

CVE
CVE
added 2022/02/11 12:16 a.m.512 views

CVE-2022-23773

CVE-2022-23773 affects the Go toolchain component cmd/go. Impact: branch names may be misinterpreted as version tags, potentially granting inappropriate access to create branches but not tags. Affected: Go before 1.16.14 and 1.17.x before 1.17.7. Mitigation: upgrade to fixed releases (Go 1.16.14+...

7.5CVSS8.1AI score0.02698EPSS
CVE
CVE
added 2021/01/26 2:23 a.m.505 views

CVE-2021-3114

CVE-2021-3114 affects Go’s elliptic curve implementation on the P-224 curve. Affected products/versions: Go before 1.14.14 and 1.15.x before 1.15.7. Root cause: the crypto/elliptic/p224.go path can produce incorrect outputs due to an underflow of the lowest limb during the final complete reductio...

6.5CVSS7AI score0.02689EPSS
CVE
CVE
added 2022/02/11 12:0 a.m.504 views

CVE-2022-23806

CVE-2022-23806 affects Go's crypto/elliptic IsOnCurve, which can incorrectly return true when a big.Int value is not a valid field element. Impact: potential impact to availability and integrity as implied by the vulnerability description. Root cause is an out-of-spec check in IsOnCurve for inval...

9.1CVSS9.1AI score0.03015EPSS
CVE
CVE
added 2020/11/18 4:27 p.m.479 views

CVE-2020-28362

CVE-2020-28362 affects Go up to 1.14.12 and 1.15.x up to 1.15.4. The issue is a Denial of Service caused by a panic in math/big during recursive division of very large numbers, exploitable via Go tooling/build processes. Remediation: upgrade Go to a remediate version (Go 1.14.12+ or 1.15.4+ as ap...

7.5CVSS7.5AI score0.03813EPSS
CVE
CVE
added 2022/02/11 12:11 a.m.473 views

CVE-2022-23772

CVE-2022-23772 affects Go (golang) where Rat.SetString in math/big can overflow, leading to uncontrolled memory consumption. Connected advisories confirm this issue alongside other Go vulnerabilities (e.g., CVE-2022-23773, CVE-2022-23806) across multiple Go components (cmd/go, crypto/elliptic, ar...

7.8CVSS8.4AI score0.0283EPSS
CVE
CVE
added 2021/08/02 6:51 p.m.455 views

CVE-2021-33195

CVE-2021-33195 affects Go's net package: LookupCNAME/LookupSRV/LookupMX/LookupNS/LookupAddr may return DNS data that isn’t RFC1035-compliant, enabling unsafe injections (e.g., XSS). Affected: Go before 1.15.13 and 1.16.x before 1.16.5. Remediation: upgrade Go to 1.15.13+ or 1.16.5+ (and newer). T...

7.5CVSS7.6AI score0.03231EPSS
CVE
CVE
added 2021/01/26 2:14 a.m.367 views

CVE-2021-3115

The CVE-2021-3115 entry involves the Go toolchain (golang) prior to Go 1.14.14 and 1.15.x prior to 1.15.7 on Windows, where using go get to fetch modules that use cgo can lead to command injection and remote code execution. The vulnerability stems from cgo-enabled module fetch that can execute a ...

7.5CVSS8.1AI score0.06497EPSS
CVE
CVE
added 2019/09/30 6:40 p.m.285 views

CVE-2019-16276

CVE-2019-16276 affects the Go programming language’s net/http handling, allowing HTTP Request Smuggling when an HTTP header contains spaces before the colon. The issue is publicly documented across multiple advisories; Go versions prior to fixes described in the connected documents are affected. ...

7.5CVSS7.5AI score0.05157EPSS
CVE
CVE
added 2020/11/18 12:0 a.m.267 views

CVE-2020-28366

CVE-2020-28366 affects the Go toolchain: code injection/arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file, impacting go commands using cgo before Go 1.14.12 and Go 1.15.5. The described impact is at build time, not runtime, with a high-severity pr...

7.5CVSS8.1AI score0.02244EPSS
CVE
CVE
added 2022/07/15 7:36 p.m.179 views

CVE-2022-30634

CVE-2022-30634 describes an infinite loop in Read in crypto/rand prior to Go 1.17.11 and Go 1.18.3 on Windows, triggered by buffers larger than 1<

7.5CVSS7.5AI score0.01647EPSS