This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Golang First view 2014-10-07
Product Go Last view 2021-03-11
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* 37
cpe:2.3:a:golang:go:1.1.2:*:*:*:*:*:*:* 34
cpe:2.3:a:golang:go:1.3:*:*:*:*:*:*:* 34
cpe:2.3:a:golang:go:1.1:*:*:*:*:*:*:* 34
cpe:2.3:a:golang:go:1.2.1:*:*:*:*:*:*:* 34
cpe:2.3:a:golang:go:1.2.2:*:*:*:*:*:*:* 34
cpe:2.3:a:golang:go:1.1.1:*:*:*:*:*:*:* 34
cpe:2.3:a:golang:go:1.3.1:*:*:*:*:*:*:* 34
cpe:2.3:a:golang:go:1.2:*:*:*:*:*:*:* 34
cpe:2.3:a:golang:go:1.2:rc3:*:*:*:*:*:* 33
cpe:2.3:a:golang:go:1.0:*:*:*:*:*:*:* 33
cpe:2.3:a:golang:go:1.2:rc2:*:*:*:*:*:* 33
cpe:2.3:a:golang:go:1.2:-:*:*:*:*:*:* 33
cpe:2.3:a:golang:go:1.1:rc3:*:*:*:*:*:* 33
cpe:2.3:a:golang:go:1.1:rc2:*:*:*:*:*:* 33
cpe:2.3:a:golang:go:1.1:-:*:*:*:*:*:* 33
cpe:2.3:a:golang:go:1.0.3:*:*:*:*:*:*:* 33
cpe:2.3:a:golang:go:1.0.2:*:*:*:*:*:*:* 33
cpe:2.3:a:golang:go:1.0.1:*:*:*:*:*:*:* 33
cpe:2.3:a:golang:go:1.4:beta1:*:*:*:*:*:* 33
cpe:2.3:a:golang:go:1.2:rc4:*:*:*:*:*:* 33
cpe:2.3:a:golang:go:1.2:rc5:*:*:*:*:*:* 33
cpe:2.3:a:golang:go:1.3:-:*:*:*:*:*:* 33
cpe:2.3:a:golang:go:1.3:beta1:*:*:*:*:*:* 33
cpe:2.3:a:golang:go:1.3:beta2:*:*:*:*:*:* 33
cpe:2.3:a:golang:go:1.3:rc1:*:*:*:*:*:* 33
cpe:2.3:a:golang:go:1.3:rc2:*:*:*:*:*:* 33
cpe:2.3:a:golang:go:1.3.2:*:*:*:*:*:*:* 33
cpe:2.3:a:golang:go:1.3.3:*:*:*:*:*:*:* 33
cpe:2.3:a:golang:go:1.4:-:*:*:*:*:*:* 33
cpe:2.3:a:golang:go:1.4:rc1:*:*:*:*:*:* 33
cpe:2.3:a:golang:go:1.4.2:*:*:*:*:*:*:* 33
cpe:2.3:a:golang:go:1.4:rc2:*:*:*:*:*:* 33
cpe:2.3:a:golang:go:1.4.1:*:*:*:*:*:*:* 33
cpe:2.3:a:golang:go:1.5:*:*:*:*:*:*:* 31
cpe:2.3:a:golang:go:1.5:rc1:*:*:*:*:*:* 30
cpe:2.3:a:golang:go:1.5:beta1:*:*:*:*:*:* 30
cpe:2.3:a:golang:go:1.5:beta2:*:*:*:*:*:* 30
cpe:2.3:a:golang:go:1.5:beta3:*:*:*:*:*:* 30
cpe:2.3:a:golang:go:1.4.3:*:*:*:*:*:*:* 30
cpe:2.3:a:golang:go:1.5:-:*:*:*:*:*:* 30
cpe:2.3:a:golang:go:1.6:*:*:*:*:*:*:* 30
cpe:2.3:a:golang:go:1.5.1:*:*:*:*:*:*:* 29
cpe:2.3:a:golang:go:1.5.2:*:*:*:*:*:*:* 29
cpe:2.3:a:golang:go:1.7.3:*:*:*:*:*:*:* 29
cpe:2.3:a:golang:go:1.6.3:*:*:*:*:*:*:* 29
cpe:2.3:a:golang:go:1.5.4:*:*:*:*:*:*:* 28
cpe:2.3:a:golang:go:1.6:beta2:*:*:*:*:*:* 28
cpe:2.3:a:golang:go:1.6:beta1:*:*:*:*:*:* 28
cpe:2.3:a:golang:go:1.5.3:*:*:*:*:*:*:* 28

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
5.5 2021-03-11 CVE-2021-27919

archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename.

7.5 2021-03-11 CVE-2021-27918

encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.

7.5 2021-01-26 CVE-2021-3115

Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).

6.5 2021-01-26 CVE-2021-3114

In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.

7.5 2021-01-02 CVE-2020-28852

In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)

7.5 2021-01-02 CVE-2020-28851

In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)

7.5 2020-12-17 CVE-2020-29652

A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.

5.6 2020-12-14 CVE-2020-29511

The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.

5.6 2020-12-14 CVE-2020-29510

The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.

5.6 2020-12-14 CVE-2020-29509

The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.

7.5 2020-11-18 CVE-2020-28367

Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection.

7.5 2020-11-18 CVE-2020-28366

Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection.

7.5 2020-11-18 CVE-2020-28362

Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.

6.1 2020-09-02 CVE-2020-24553

Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.

7.5 2020-08-06 CVE-2020-16845

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.

5.9 2020-07-17 CVE-2020-15586

Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.

5.3 2020-07-17 CVE-2020-14039

In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete.

7.5 2020-03-16 CVE-2020-7919

Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.

9.8 2020-02-08 CVE-2015-5741

The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contains Content-Length and Transfer-Encoding header fields.

7.5 2019-10-24 CVE-2019-17596

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.

7.5 2019-09-30 CVE-2019-16276

Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.

9.8 2019-08-13 CVE-2019-14809

net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com.

9.8 2019-05-13 CVE-2019-11888

Go through 1.12.5 on Windows mishandles process creation with a nil environment in conjunction with a non-nil token, which allows attackers to obtain sensitive information or gain privileges.

6.1 2019-03-13 CVE-2019-9741

An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command.

7.8 2019-03-08 CVE-2019-9634

Go through 1.12 on Windows misuses certain LoadLibrary functionality, leading to DLL injection.

CWE : Common Weakness Enumeration

%idName
14% (5) CWE-295 Certificate Issues
11% (4) CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggli...
8% (3) CWE-94 Failure to Control Generation of Code ('Code Injection')
8% (3) CWE-20 Improper Input Validation
5% (2) CWE-682 Incorrect Calculation
5% (2) CWE-264 Permissions, Privileges, and Access Controls
5% (2) CWE-129 Improper Validation of Array Index
2% (1) CWE-770 Allocation of Resources Without Limits or Throttling
2% (1) CWE-769 File Descriptor Exhaustion
2% (1) CWE-476 NULL Pointer Dereference
2% (1) CWE-436 Interpretation Conflict
2% (1) CWE-427 Uncontrolled Search Path Element
2% (1) CWE-362 Race Condition
2% (1) CWE-319 Cleartext Transmission of Sensitive Information
2% (1) CWE-284 Access Control (Authorization) Issues
2% (1) CWE-269 Improper Privilege Management
2% (1) CWE-200 Information Exposure
2% (1) CWE-93 Failure to Sanitize CRLF Sequences ('CRLF Injection')
2% (1) CWE-88 Argument Injection or Modification
2% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
2% (1) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...

Snort® IPS/IDS

Date Description
2019-05-14 Go binary bll-load exploit attempt
RuleID : 49786 - Type : FILE-OTHER - Revision : 1
2019-05-14 Go binary dll-load exploit attempt
RuleID : 49785 - Type : FILE-OTHER - Revision : 1
2019-05-14 Go binary dll-load exploit attempt
RuleID : 49784 - Type : FILE-OTHER - Revision : 1
2019-05-14 Go binary dll-load exploit attempt
RuleID : 49783 - Type : FILE-OTHER - Revision : 1
2019-05-14 Go binary dll-load exploit attempt
RuleID : 49782 - Type : FILE-OTHER - Revision : 1
2019-05-14 Go binary dll-load exploit attempt
RuleID : 49781 - Type : FILE-OTHER - Revision : 1
2019-04-02 Google Golang GET command injection attempt
RuleID : 49304 - Type : SERVER-OTHER - Revision : 1
2016-07-28 HttpOxy CGI application vulnerability potential man-in-the-middle attempt
RuleID : 39737-community - Type : SERVER-WEBAPP - Revision : 2
2016-08-31 HttpOxy CGI application vulnerability potential man-in-the-middle attempt
RuleID : 39737 - Type : SERVER-WEBAPP - Revision : 2

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-11 Name: The remote Fedora host is missing a security update.
File: fedora_2019-c424e3bb72.nasl - Type: ACT_GATHER_INFO
2019-01-11 Name: The remote Fedora host is missing a security update.
File: fedora_2019-1198005e1f.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-fe65c14082.nasl - Type: ACT_GATHER_INFO
2018-12-24 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201812-09.nasl - Type: ACT_GATHER_INFO
2018-12-17 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-1130.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0045.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0039.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0117.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0123.nasl - Type: ACT_GATHER_INFO
2018-07-24 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0034.nasl - Type: ACT_GATHER_INFO
2018-07-24 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0026.nasl - Type: ACT_GATHER_INFO
2018-05-11 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1011.nasl - Type: ACT_GATHER_INFO
2018-04-27 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-0878.nasl - Type: ACT_GATHER_INFO
2018-04-16 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201804-12.nasl - Type: ACT_GATHER_INFO
2018-03-27 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-975.nasl - Type: ACT_GATHER_INFO
2018-03-08 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201803-03.nasl - Type: ACT_GATHER_INFO
2018-02-28 Name: The remote Fedora host is missing a security update.
File: fedora_2018-6f08b79a09.nasl - Type: ACT_GATHER_INFO
2018-02-26 Name: The remote Debian host is missing a security update.
File: debian_DLA-1294.nasl - Type: ACT_GATHER_INFO
2018-02-21 Name: The remote Fedora host is missing a security update.
File: fedora_2018-5562b6e2c0.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-f4fc897e8f.nasl - Type: ACT_GATHER_INFO
2017-12-01 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2017-1311.nasl - Type: ACT_GATHER_INFO
2017-11-06 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2017-918.nasl - Type: ACT_GATHER_INFO
2017-10-30 Name: The remote Debian host is missing a security update.
File: debian_DLA-1148.nasl - Type: ACT_GATHER_INFO
2017-10-23 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201710-23.nasl - Type: ACT_GATHER_INFO
2017-10-20 Name: The remote Fedora host is missing a security update.
File: fedora_2017-8f7bca960b.nasl - Type: ACT_GATHER_INFO