Skip to main content

Cloud Insights Telegraf Agent

7 CVEs product

Monthly

CVE-2022-30634 Go HIGH POC PATCH This Week

Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Microsoft Go Cloud Insights Telegraf Agent
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2021-33195 Go HIGH POC PATCH This Week

Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Go Cloud Insights Telegraf Agent
NVD
CVSS 3.1
7.3
EPSS
3.2%
CVE-2021-3115 Go HIGH PATCH This Week

Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Command Injection RCE Go Fedora +2
NVD
CVSS 3.1
7.5
EPSS
6.5%
CVE-2021-3114 Go MEDIUM PATCH This Month

In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Go Fedora Debian Linux Cloud Insights Telegraf Agent +1
NVD GitHub
CVSS 3.1
6.5
EPSS
2.7%
CVE-2020-28366 Go HIGH PATCH This Week

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Code Injection Go Fedora Cloud Insights Telegraf Agent +1
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2020-28362 Go HIGH PATCH This Week

Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Go Fedora Cloud Insights Telegraf Agent Trident
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2019-16276 Go HIGH PATCH This Week

Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Go Debian Linux Leap +6
NVD GitHub
CVSS 3.1
7.5
EPSS
5.2%
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Microsoft Go +1
NVD
EPSS 3% CVSS 7.3
HIGH POC PATCH This Week

Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Go Cloud Insights Telegraf Agent
NVD
EPSS 6% CVSS 7.5
HIGH PATCH This Week

Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Command Injection RCE +4
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Go Fedora +3
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Code Injection Go +3
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Go Fedora +2
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Go +8
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy