Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39293 | 2 Golang, Netapp | 2 Go, Cloud Insights Telegraf | 2022-06-14 | 5.0 MEDIUM | 7.5 HIGH |
| In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196. | |||||
| CVE-2021-44716 | 3 Debian, Golang, Netapp | 3 Debian Linux, Go, Cloud Insights Telegraf | 2022-02-10 | 5.0 MEDIUM | 7.5 HIGH |
| net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. | |||||
| CVE-2021-34558 | 3 Fedoraproject, Golang, Netapp | 5 Fedora, Go, Cloud Insights Telegraf and 2 more | 2022-02-07 | 2.6 LOW | 6.5 MEDIUM |
| The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic. | |||||
| CVE-2020-7919 | 4 Debian, Fedoraproject, Golang and 1 more | 4 Debian Linux, Fedora, Go and 1 more | 2021-06-14 | 7.8 HIGH | 7.5 HIGH |
| Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate. | |||||