| CVE-2019-6486 |
AVG-859 |
Medium |
Yes |
Private key recovery |
Go before versions 1.10.8 and 1.11.5 has a vulnerability in the crypto/elliptic implementations of the P-521 and P-384 elliptic curves. A remote attacker... |
| CVE-2018-16875 |
AVG-835 |
Medium |
Yes |
Denial of service |
The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might... |
| CVE-2018-16874 |
AVG-835 |
High |
Yes |
Directory traversal |
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go... |
| CVE-2018-16873 |
AVG-835 |
High |
Yes |
Arbitrary command execution |
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path... |
| CVE-2018-6574 |
AVG-606 |
High |
Yes |
Arbitrary code execution |
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by... |
| CVE-2017-1000098 |
AVG-433 |
High |
Yes |
Denial of service |
The net/http package's Request.ParseMultipartForm method starts writing to temporary files once the request body size surpasses the given "maxMemory" limit.... |
| CVE-2017-15041 |
AVG-442 |
High |
Yes |
Arbitrary command execution |
Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that... |