Search CVE reports
21 – 28 of 28 results
CVE-2019-9512
Medium prioritySome fixes available 14 of 44
Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on...
13 affected packages
golang, golang-1.10, golang-1.11, golang-1.12, golang-1.6...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable | Needs evaluation |
| golang-1.11 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.12 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.7 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| h2o | Not affected | Not affected | Not affected | Needs evaluation | Not in release |
| netty | Vulnerable | Vulnerable | Vulnerable | Fixed | Not affected |
| nginx | Not affected | Not affected | Not affected | Not affected | Not affected |
| trafficserver | Not affected | Not affected | Not affected | Vulnerable | Needs evaluation |
| twisted | Fixed | Fixed | Fixed | Fixed | Not affected |
CVE-2019-11888
Medium priorityGo through 1.12.5 on Windows mishandles process creation with a nil environment in conjunction with a non-nil token, which allows attackers to obtain sensitive information or gain privileges.
8 affected packages
golang, golang-1.10, golang-1.11, golang-1.12, golang-1.6...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang | — | — | — | Not in release | Not in release |
| golang-1.10 | — | — | — | Not affected | Not affected |
| golang-1.11 | — | — | — | Not in release | Not in release |
| golang-1.12 | — | — | — | Not in release | Not in release |
| golang-1.6 | — | — | — | Not in release | Not affected |
| golang-1.7 | — | — | — | Not in release | Not in release |
| golang-1.8 | — | — | — | Not affected | Not in release |
| golang-1.9 | — | — | — | Not affected | Not in release |
CVE-2019-9741
Medium priorityAn issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command.
8 affected packages
golang, golang-1.10, golang-1.11, golang-1.12, golang-1.6...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable | Needs evaluation |
| golang-1.11 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.12 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.7 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
CVE-2019-9634
Low priorityGo through 1.12 on Windows misuses certain LoadLibrary functionality, leading to DLL injection.
8 affected packages
golang, golang-1.10, golang-1.11, golang-1.12, golang-1.6...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang | — | — | — | Not in release | Not in release |
| golang-1.10 | — | — | — | Not affected | Not affected |
| golang-1.11 | — | — | — | Not in release | Not in release |
| golang-1.12 | — | — | — | Not in release | Not in release |
| golang-1.6 | — | — | — | Not in release | Not affected |
| golang-1.7 | — | — | — | Not in release | Not in release |
| golang-1.8 | — | — | — | Not affected | Not in release |
| golang-1.9 | — | — | — | Not affected | Not in release |
CVE-2019-6486
Medium priorityGo before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.
8 affected packages
golang, golang-1.10, golang-1.11, golang-1.12, golang-1.6...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable | Needs evaluation |
| golang-1.11 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.12 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.7 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
CVE-2018-16875
Low priorityThe crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of...
7 affected packages
golang, golang-1.10, golang-1.11, golang-1.6, golang-1.7...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable | Needs evaluation |
| golang-1.11 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.7 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
| golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
CVE-2018-16874
Medium priorityIn Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters)....
7 affected packages
golang, golang-1.10, golang-1.11, golang-1.6, golang-1.7...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable | Needs evaluation |
| golang-1.11 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.7 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
| golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
CVE-2018-16873
Medium priorityIn Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or...
6 affected packages
golang, golang-1.10, golang-1.11, golang-1.6, golang-1.8, golang-1.9
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable | Needs evaluation |
| golang-1.11 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
| golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |