CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2015-8618
https://notcve.org/view.php?id=CVE-2015-8618
27 Jan 2016 — The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors. El código Montgomery de Int.Exp en la librería math/big en Go 1.5.x en versiones anteriores a 1.5.3 no maneja correctamente la propagación acarreo y produce una salida incorrecta, lo que facilita a atacantes obtener claves privadas RSA a través de vectores no especificados. • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175642.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 0CVE-2014-7189
https://notcve.org/view.php?id=CVE-2014-7189
07 Oct 2014 — crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors. crpyto/tls en Go 1.1 anterior a 1.3.2, cuando SessionTicketsDisabled está habilitado, permite a atacantes man-in-the-middle falsificar clientes através de vectores no especificados. • http://www.openwall.com/lists/oss-security/2014/09/26/28 • CWE-264: Permissions, Privileges, and Access Controls •