Max CVSS | 7.8 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2019-9514 | 7.8 |
Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the p
|
19-10-2023 - 03:15 | 13-08-2019 - 21:15 | |
CVE-2020-28367 | 5.1 |
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.
|
20-04-2023 - 00:15 | 18-11-2020 - 17:15 | |
CVE-2020-16845 | 5.0 |
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
|
03-02-2023 - 02:28 | 06-08-2020 - 18:15 | |
CVE-2016-5386 | 6.8 |
The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which mi
|
16-08-2022 - 13:17 | 19-07-2016 - 02:00 | |
CVE-2019-17596 | 5.0 |
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.
|
30-11-2021 - 19:42 | 24-10-2019 - 22:15 | |
CVE-2019-9741 | 4.3 |
An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command.
|
22-03-2021 - 13:05 | 13-03-2019 - 08:29 | |
CVE-2020-16845 | 5.0 |
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
|
24-09-2020 - 12:15 | 06-08-2020 - 18:15 | |
CVE-2019-14809 | 7.5 |
net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is relate
|
24-08-2020 - 17:37 | 13-08-2019 - 21:15 | |
CVE-2017-8932 | 4.3 |
A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progress
|
03-10-2019 - 00:03 | 06-07-2017 - 16:29 | |
CVE-2018-6574 | 4.6 |
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not bloc
|
03-10-2019 - 00:03 | 07-02-2018 - 21:29 |