Search CVE reports
81 – 90 of 94 results
Some fixes available 3 of 12
Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.
9 affected packages
golang-1.10, golang, golang-1.6, golang-1.8, golang-1.9...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable |
| golang | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Not affected |
| golang-1.9 | Not in release | Not in release | Not in release | Not affected |
| golang-1.11 | Not in release | Not in release | Not in release | Not in release |
| golang-1.12 | Not in release | Not in release | Not in release | Not in release |
| golang-1.13 | Not in release | Not affected | Not affected | Vulnerable |
| golang-1.14 | Not in release | Not in release | Fixed | Not in release |
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during...
8 affected packages
golang-1.10, golang, golang-1.6, golang-1.8, golang-1.9...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable |
| golang | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.13 | Not in release | Vulnerable | Vulnerable | Vulnerable |
| golang-1.14 | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.15 | — | — | Not in release | Not in release |
The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways...
8 affected packages
golang-1.10, golang, golang-1.6, golang-1.8, golang-1.9...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable |
| golang | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.13 | Not in release | Vulnerable | Vulnerable | Vulnerable |
| golang-1.14 | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.15 | — | — | Not in release | Not in release |
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways...
8 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.13 | Not in release | Vulnerable | Vulnerable | Vulnerable |
| golang-1.14 | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.15 | — | — | Not in release | Not in release |
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.
8 affected packages
golang-1.10, golang, golang-1.6, golang-1.8, golang-1.9...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable |
| golang | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.13 | Not in release | Vulnerable | Vulnerable | Vulnerable |
| golang-1.14 | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.15 | — | — | Not in release | Not in release |
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.
8 affected packages
golang-1.10, golang, golang-1.6, golang-1.8, golang-1.9...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable |
| golang | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.13 | Not in release | Vulnerable | Vulnerable | Vulnerable |
| golang-1.14 | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.15 | — | — | Not in release | Not in release |
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.
8 affected packages
golang, golang-1.6, golang-1.8, golang-1.9, golang-1.10...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Not affected |
| golang-1.9 | Not in release | Not in release | Not in release | Not affected |
| golang-1.10 | Not in release | Not in release | Not in release | Not affected |
| golang-1.13 | Not in release | Not affected | Not affected | Not affected |
| golang-1.14 | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.15 | — | — | Not in release | Not in release |
Some fixes available 5 of 17
Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.
8 affected packages
golang-1.10, golang, golang-1.6, golang-1.8, golang-1.9...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-1.10 | Not in release | Not in release | Not in release | Fixed |
| golang | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.13 | Not in release | Vulnerable | Vulnerable | Vulnerable |
| golang-1.14 | Not in release | Not in release | Fixed | Not in release |
| golang-1.15 | — | — | Not in release | Not in release |
Some fixes available 7 of 17
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
8 affected packages
golang-1.10, golang, golang-1.6, golang-1.8, golang-1.9...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable |
| golang | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.13 | Not in release | Fixed | Fixed | Fixed |
| golang-1.14 | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.15 | — | — | Not in release | Not in release |
Some fixes available 2 of 18
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.
8 affected packages
golang-1.10, golang, golang-1.6, golang-1.8, golang-1.9...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable |
| golang | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.13 | Not in release | Vulnerable | Vulnerable | Vulnerable |
| golang-1.14 | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.15 | — | — | Not in release | Not in release |