U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 10 matching records.
Displaying matches 1 through 10.
Vuln ID Summary CVSS Severity
CVE-2022-30634

Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.

Published: July 15, 2022; 4:15:08 PM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-23806

Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.

Published: February 10, 2022; 8:15:07 PM -0500
V4.0:(not available)
V3.1: 9.1 CRITICAL
V2.0: 6.4 MEDIUM
CVE-2022-23773

cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.

Published: February 10, 2022; 8:15:07 PM -0500
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2022-23772

Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.

Published: February 10, 2022; 8:15:07 PM -0500
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2021-33195

Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.

Published: August 02, 2021; 3:15:08 PM -0400
V4.0:(not available)
V3.1: 7.3 HIGH
V2.0: 7.5 HIGH
CVE-2021-3115

Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).

Published: January 26, 2021; 1:16:27 PM -0500
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0: 5.1 MEDIUM
CVE-2021-3114

In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.

Published: January 26, 2021; 1:16:27 PM -0500
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0: 6.4 MEDIUM
CVE-2020-28366

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.

Published: November 18, 2020; 12:15:11 PM -0500
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0: 5.1 MEDIUM
CVE-2020-28362

Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.

Published: November 18, 2020; 12:15:11 PM -0500
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2019-16276

Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.

Published: September 30, 2019; 3:15:08 PM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM