Search CVE reports



71 – 80 of 81 results


CVE-2020-29509

Medium priority
Vulnerable

The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways...

8 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Vulnerable Vulnerable
golang-1.13 Not in release Vulnerable Vulnerable Vulnerable Vulnerable
golang-1.14 Not in release Not in release Vulnerable Not in release Not in release
golang-1.15 Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release Vulnerable
golang-1.8 Not in release Not in release Not in release Vulnerable Not in release
golang-1.9 Not in release Not in release Not in release Vulnerable Not in release

CVE-2020-28367

Medium priority
Vulnerable

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.

8 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Vulnerable Needs evaluation
golang-1.13 Not in release Vulnerable Vulnerable Vulnerable Vulnerable
golang-1.14 Not in release Not in release Vulnerable Not in release Not in release
golang-1.15 Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Needs evaluation Not in release
golang-1.9 Not in release Not in release Not in release Vulnerable Not in release

CVE-2020-28366

Medium priority
Vulnerable

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.

8 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Vulnerable Vulnerable
golang-1.13 Not in release Vulnerable Vulnerable Vulnerable Vulnerable
golang-1.14 Not in release Not in release Vulnerable Not in release Not in release
golang-1.15 Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Vulnerable Not in release
golang-1.9 Not in release Not in release Not in release Vulnerable Not in release

CVE-2020-28362

Medium priority
Vulnerable

Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.

8 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Not affected Not affected
golang-1.13 Not in release Not affected Not affected Not affected Not affected
golang-1.14 Not in release Not in release Vulnerable Not in release Not in release
golang-1.15 Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release Not affected
golang-1.8 Not in release Not in release Not in release Not affected Not in release
golang-1.9 Not in release Not in release Not in release Not affected Not in release

CVE-2020-24553

Low priority

Some fixes available 5 of 17

Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.

8 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Fixed Fixed
golang-1.13 Not in release Vulnerable Vulnerable Vulnerable Vulnerable
golang-1.14 Not in release Not in release Fixed Not in release Not in release
golang-1.15 Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Needs evaluation Not in release
golang-1.9 Not in release Not in release Not in release Needs evaluation Not in release

CVE-2020-16845

Low priority

Some fixes available 7 of 17

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.

8 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Vulnerable Needs evaluation
golang-1.13 Not in release Fixed Fixed Fixed Fixed
golang-1.14 Not in release Not in release Vulnerable Not in release Not in release
golang-1.15 Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Vulnerable Not in release
golang-1.9 Not in release Not in release Not in release Vulnerable Not in release

CVE-2020-15586

Low priority

Some fixes available 2 of 18

Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.

8 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Vulnerable Needs evaluation
golang-1.13 Not in release Vulnerable Vulnerable Vulnerable Vulnerable
golang-1.14 Not in release Not in release Vulnerable Not in release Not in release
golang-1.15 Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Vulnerable Not in release
golang-1.9 Not in release Not in release Not in release Vulnerable Not in release

CVE-2020-14039

Medium priority
Ignored

In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate...

10 affected packages

golang, golang-1.10, golang-1.11, golang-1.12, golang-1.13...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release
golang-1.10 Not in release Not affected Not affected
golang-1.11 Not in release Not in release Not in release
golang-1.12 Not in release Not in release Not in release
golang-1.13 Not affected Not affected Not affected
golang-1.14 Not affected Not in release Not in release
golang-1.15 Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not affected
golang-1.8 Not in release Not affected Not in release
golang-1.9 Not in release Not affected Not in release

CVE-2020-7919

Medium priority

Some fixes available 3 of 12

Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.

9 affected packages

golang, golang-1.10, golang-1.11, golang-1.12, golang-1.13...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Vulnerable Needs evaluation
golang-1.11 Not in release Not in release Not in release Not in release Not in release
golang-1.12 Not in release Not in release Not in release Not in release Not in release
golang-1.13 Not in release Not affected Not affected Vulnerable Vulnerable
golang-1.14 Not in release Not in release Fixed Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release Not affected
golang-1.8 Not in release Not in release Not in release Not affected Not in release
golang-1.9 Not in release Not in release Not in release Not affected Not in release

CVE-2019-17596

Medium priority

Some fixes available 8 of 19

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies...

8 affected packages

golang, golang-1.10, golang-1.11, golang-1.12, golang-1.13...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Vulnerable Needs evaluation
golang-1.11 Not in release Not in release Not in release Not in release Not in release
golang-1.12 Not in release Not in release Not in release Not in release Not in release
golang-1.13 Not in release Fixed Fixed Fixed Fixed
golang-1.6 Not in release Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Vulnerable Not in release
golang-1.9 Not in release Not in release Not in release Vulnerable Not in release