Search CVE reports



91 – 100 of 106 results


CVE-2020-16845

Low priority

Some fixes available 7 of 17

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.

8 affected packages

golang-1.13, golang, golang-1.10, golang-1.14, golang-1.15...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.13 Not in release Fixed Fixed Fixed
golang Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Vulnerable
golang-1.14 Not in release Not in release Vulnerable Not in release
golang-1.15 Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Vulnerable
golang-1.9 Not in release Not in release Not in release Vulnerable

CVE-2020-15586

Low priority

Some fixes available 2 of 18

Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.

8 affected packages

golang, golang-1.10, golang-1.6, golang-1.8, golang-1.9...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Vulnerable
golang-1.6 Not in release Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Vulnerable
golang-1.9 Not in release Not in release Not in release Vulnerable
golang-1.13 Not in release Vulnerable Vulnerable Vulnerable
golang-1.14 Not in release Not in release Vulnerable Not in release
golang-1.15 Not in release Not in release

CVE-2020-14039

Medium priority
Ignored

In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate...

10 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang Not in release Not in release
golang-1.10 Not in release Not affected
golang-1.13 Not affected Not affected
golang-1.14 Not affected Not in release
golang-1.15 Not in release Not in release
golang-1.11 Not in release Not in release
golang-1.12 Not in release Not in release
golang-1.6 Not in release Not in release
golang-1.8 Not in release Not affected
golang-1.9 Not in release Not affected

CVE-2020-7919

Medium priority

Some fixes available 3 of 12

Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.

9 affected packages

golang, golang-1.8, golang-1.10, golang-1.11, golang-1.12...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang Not in release Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Not affected
golang-1.10 Not in release Not in release Not in release Vulnerable
golang-1.11 Not in release Not in release Not in release Not in release
golang-1.12 Not in release Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release
golang-1.13 Not in release Not affected Not affected Vulnerable
golang-1.14 Not in release Not in release Fixed Not in release
golang-1.9 Not in release Not in release Not in release Not affected

CVE-2019-17596

Medium priority

Some fixes available 8 of 19

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies...

8 affected packages

golang, golang-1.10, golang-1.13, golang-1.8, golang-1.11...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Vulnerable
golang-1.13 Not in release Fixed Fixed Fixed
golang-1.8 Not in release Not in release Not in release Vulnerable
golang-1.11 Not in release Not in release Not in release Not in release
golang-1.12 Not in release Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release
golang-1.9 Not in release Not in release Not in release Vulnerable

CVE-2019-16276

Medium priority
Vulnerable

Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.

9 affected packages

golang-1.10, golang-1.11, golang-1.12, golang, golang-1.13...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.10 Not in release Not in release Not in release Vulnerable
golang-1.11 Not in release Not in release Not in release Not in release
golang-1.12 Not in release Not in release Not in release Not in release
golang Not in release Not in release Not in release Not in release
golang-1.13 Not in release Not affected Not affected Not affected
golang-1.8 Not in release Not in release Not in release Vulnerable
golang-1.9 Not in release Not in release Not in release Vulnerable
golang-1.6 Not in release Not in release Not in release Not in release
golang-1.7 Not in release Not in release Not in release Not in release

CVE-2019-14809

Medium priority
Vulnerable

net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor...

8 affected packages

golang-1.10, golang-1.11, golang-1.12, golang, golang-1.6...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.10 Not in release Not in release Not in release Vulnerable
golang-1.11 Not in release Not in release Not in release Not in release
golang-1.12 Not in release Not in release Not in release Not in release
golang Not in release Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Vulnerable
golang-1.9 Not in release Not in release Not in release Vulnerable
golang-1.7 Not in release Not in release Not in release Not in release

CVE-2019-9514

Medium priority

Some fixes available 16 of 83

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream...

16 affected packages

golang-1.10, golang-1.11, golang-1.12, golang, golang-1.6...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.10 Not in release Not in release Not in release Vulnerable
golang-1.11 Not in release Not in release Not in release Not in release
golang-1.12 Not in release Not in release Not in release Not in release
golang Not in release Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release
golang-1.7 Not in release Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Vulnerable
golang-1.9 Not in release Not in release Not in release Vulnerable
nginx Not affected Not affected Not affected Not affected
trafficserver Not affected Not affected Not affected Vulnerable
twisted Fixed Fixed Fixed Fixed
h2o Not affected Not affected Not affected Needs evaluation
nodejs Not affected Not affected Not affected Ignored
grpc Vulnerable Vulnerable Vulnerable Vulnerable
netty Not affected Not affected Not affected Fixed
golang-google-grpc Vulnerable Vulnerable Vulnerable Vulnerable

CVE-2019-9512

Medium priority

Some fixes available 16 of 42

Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on...

13 affected packages

golang-1.9, golang-1.10, golang-1.11, golang-1.12, golang-1.6...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang-1.9 Not in release Not in release Not in release Vulnerable
golang-1.10 Not in release Not in release Not in release Vulnerable
golang-1.11 Not in release Not in release Not in release Not in release
golang-1.12 Not in release Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release
h2o Not affected Not affected Not affected Needs evaluation
golang Not in release Not in release Not in release Not in release
golang-1.7 Not in release Not in release Not in release Not in release
golang-1.8 Not in release Not in release Not in release Vulnerable
nginx Not affected Not affected Not affected Not affected
trafficserver Not affected Not affected Not affected Vulnerable
twisted Fixed Fixed Fixed Fixed
netty Not affected Not affected Not affected Fixed

CVE-2019-11888

Medium priority
Not affected

Go through 1.12.5 on Windows mishandles process creation with a nil environment in conjunction with a non-nil token, which allows attackers to obtain sensitive information or gain privileges.

8 affected packages

golang, golang-1.10, golang-1.11, golang-1.12, golang-1.6...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
golang Not in release
golang-1.10 Not affected
golang-1.11 Not in release
golang-1.12 Not in release
golang-1.6 Not in release
golang-1.7 Not in release
golang-1.8 Not affected
golang-1.9 Not affected