Total
123 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29526 | 4 Fedoraproject, Golang, Linux and 1 more | 4 Fedora, Go, Linux Kernel and 1 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible. | |||||
| CVE-2022-23773 | 2 Golang, Netapp | 5 Go, Beegfs Csi Driver, Cloud Insights Telegraf Agent and 2 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags. | |||||
| CVE-2022-24675 | 3 Fedoraproject, Golang, Netapp | 3 Fedora, Go, Kubernetes Monitoring Operator | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. | |||||
| CVE-2022-23772 | 3 Debian, Golang, Netapp | 6 Debian Linux, Go, Beegfs Csi Driver and 3 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. | |||||
| CVE-2022-27536 | 2 Apple, Golang | 2 Macos, Go | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic. | |||||
| CVE-2021-23772 | 2 Golang, Iris-go | 2 Go, Iris | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| This affects all versions of package github.com/kataras/iris; all versions of package github.com/kataras/iris/v12. The unsafe handling of file names during upload using UploadFormFiles method may enable attackers to write to arbitrary locations outside the designated target folder. | |||||
| CVE-2021-39293 | 2 Golang, Netapp | 2 Go, Cloud Insights Telegraf | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196. | |||||
| CVE-2021-44716 | 3 Debian, Golang, Netapp | 3 Debian Linux, Go, Cloud Insights Telegraf | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. | |||||
| CVE-2021-38297 | 2 Fedoraproject, Golang | 2 Fedora, Go | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used. | |||||
| CVE-2021-44717 | 3 Debian, Golang, Opengroup | 3 Debian Linux, Go, Unix | 2024-02-28 | 5.8 MEDIUM | 4.8 MEDIUM |
| Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion. | |||||
| CVE-2021-41772 | 3 Fedoraproject, Golang, Oracle | 3 Fedora, Go, Timesten In-memory Database | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field. | |||||
| CVE-2021-41771 | 3 Debian, Fedoraproject, Golang | 3 Debian Linux, Fedora, Go | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation. | |||||
| CVE-2021-33195 | 2 Golang, Netapp | 2 Go, Cloud Insights Telegraf Agent | 2024-02-28 | 7.5 HIGH | 7.3 HIGH |
| Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format. | |||||
| CVE-2021-33198 | 1 Golang | 1 Go | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method. | |||||
| CVE-2012-2666 | 1 Golang | 1 Go | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script. | |||||
| CVE-2021-33194 | 2 Fedoraproject, Golang | 2 Fedora, Go | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input. | |||||
| CVE-2021-33197 | 1 Golang | 1 Go | 2024-02-28 | 4.3 MEDIUM | 5.3 MEDIUM |
| In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers. | |||||
| CVE-2021-33196 | 2 Debian, Golang | 2 Debian Linux, Go | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic. | |||||
| CVE-2021-29923 | 3 Fedoraproject, Golang, Oracle | 3 Fedora, Go, Timesten In-memory Database | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR. | |||||
| CVE-2021-36221 | 5 Debian, Fedoraproject, Golang and 2 more | 6 Debian Linux, Fedora, Go and 3 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. | |||||