| Max CVSS | 9.3 | Min CVSS | 6.4 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-5736 | 9.3 |
runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types
|
02-02-2024 - 12:15 | 11-02-2019 - 19:29 | |
| CVE-2018-16873 | 6.8 |
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically,
|
25-03-2021 - 16:43 | 14-12-2018 - 14:29 | |
| CVE-2018-16874 | 6.8 |
In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only v
|
22-03-2021 - 18:51 | 14-12-2018 - 14:29 | |
| CVE-2019-6486 | 6.4 |
Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.
|
24-08-2020 - 17:37 | 24-01-2019 - 05:29 | |
| CVE-2018-16875 | 7.8 |
The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers
|
03-06-2019 - 18:29 | 14-12-2018 - 14:29 |