Skip to main content

Cloud Insights Telegraf

3 CVEs product

Monthly

CVE-2022-28131 Go HIGH PATCH This Week

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Go Fedora Cloud Insights Telegraf
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2021-34558 Go MEDIUM PATCH This Month

The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Go Fedora Cloud Insights Telegraf +3
NVD
CVSS 3.1
6.5
EPSS
7.0%
CVE-2020-7919 Go HIGH PATCH This Week

Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Go Debian Linux Fedora Cloud Insights Telegraf
NVD
CVSS 3.1
7.5
EPSS
2.6%
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Go Fedora +1
NVD
EPSS 7% CVSS 6.5
MEDIUM PATCH This Month

The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Go +5
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Go Debian Linux +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy