Search CVE reports

61 – 70 of 100 results

Detailed view

Sort by:

CVE-2021-34558

Medium priority

Needs evaluation

The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS...

9 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang	Not in release	Not in release	Not in release	Not in release
golang-1.10	Not in release	Not in release	Not in release	Needs evaluation
golang-1.13	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
golang-1.14	Not in release	Not in release	Needs evaluation	Not in release
golang-1.15	—	—	Not in release	Not in release
golang-1.16	Not in release	Not in release	Needs evaluation	Needs evaluation
golang-1.6	Not in release	Not in release	Not in release	Not in release
golang-1.8	Not in release	Not in release	Not in release	Needs evaluation
golang-1.9	Not in release	Not in release	Not in release	Needs evaluation

CVE-2021-3115

Medium priority

Not affected

Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the “go get” command to fetch modules that make use of cgo (for example, cgo can execute a gcc program...

8 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang	—	—	Not in release	Not in release
golang-1.10	—	—	Not in release	Not affected
golang-1.13	—	—	Not affected	Not affected
golang-1.14	—	—	Not affected	Not in release
golang-1.15	—	—	Not in release	Not in release
golang-1.6	—	—	Not in release	Not in release
golang-1.8	—	—	Not in release	Not affected
golang-1.9	—	—	Not in release	Not affected

CVE-2021-3114

Medium priority

Vulnerable

In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.

8 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang	Not in release	Not in release	Not in release	Not in release
golang-1.10	Not in release	Not in release	Not in release	Vulnerable
golang-1.13	Not in release	Vulnerable	Vulnerable	Vulnerable
golang-1.14	Not in release	Not in release	Vulnerable	Not in release
golang-1.15	—	—	Not in release	Not in release
golang-1.6	Not in release	Not in release	Not in release	Not in release
golang-1.8	Not in release	Not in release	Not in release	Vulnerable
golang-1.9	Not in release	Not in release	Not in release	Vulnerable

CVE-2021-29923

Medium priority

Needs evaluation

Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of...

9 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang	Not in release	Not in release	Not in release	Not in release
golang-1.10	Not in release	Not in release	Not in release	Needs evaluation
golang-1.13	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
golang-1.14	Not in release	Not in release	Needs evaluation	Not in release
golang-1.15	—	—	Not in release	Not in release
golang-1.16	Not in release	Not in release	Needs evaluation	Needs evaluation
golang-1.6	Not in release	Not in release	Not in release	Not in release
golang-1.8	Not in release	Not in release	Not in release	Needs evaluation
golang-1.9	Not in release	Not in release	Not in release	Needs evaluation

CVE-2021-27919

Medium priority

Needs evaluation

archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename.

8 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang	Not in release	Not in release	Not in release	Not in release
golang-1.10	Not in release	Not in release	Not in release	Needs evaluation
golang-1.13	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
golang-1.14	Not in release	Not in release	Needs evaluation	Not in release
golang-1.15	—	—	Not in release	Not in release
golang-1.6	Not in release	Not in release	Not in release	Not in release
golang-1.8	Not in release	Not in release	Not in release	Needs evaluation
golang-1.9	Not in release	Not in release	Not in release	Needs evaluation

CVE-2021-27918

Medium priority

Needs evaluation

encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.

8 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang	Not in release	Not in release	Not in release	Not in release
golang-1.10	Not in release	Not in release	Not in release	Needs evaluation
golang-1.13	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
golang-1.14	Not in release	Not in release	Needs evaluation	Not in release
golang-1.15	—	—	Not in release	Not in release
golang-1.6	Not in release	Not in release	Not in release	Not in release
golang-1.8	Not in release	Not in release	Not in release	Needs evaluation
golang-1.9	Not in release	Not in release	Not in release	Needs evaluation

CVE-2020-7919

Medium priority

Some fixes available 3 of 12

Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.

9 affected packages

golang-1.8, golang, golang-1.10, golang-1.11, golang-1.12...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-1.8	Not in release	Not in release	Not in release	Not affected
golang	Not in release	Not in release	Not in release	Not in release
golang-1.10	Not in release	Not in release	Not in release	Vulnerable
golang-1.11	Not in release	Not in release	Not in release	Not in release
golang-1.12	Not in release	Not in release	Not in release	Not in release
golang-1.6	Not in release	Not in release	Not in release	Not in release
golang-1.13	Not in release	Not affected	Not affected	Vulnerable
golang-1.14	Not in release	Not in release	Fixed	Not in release
golang-1.9	Not in release	Not in release	Not in release	Not affected

CVE-2020-29511

Medium priority

Vulnerable

The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during...

8 affected packages

golang, golang-1.10, golang-1.14, golang-1.6, golang-1.8...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang	Not in release	Not in release	Not in release	Not in release
golang-1.10	Not in release	Not in release	Not in release	Vulnerable
golang-1.14	Not in release	Not in release	Vulnerable	Not in release
golang-1.6	Not in release	Not in release	Not in release	Not in release
golang-1.8	Not in release	Not in release	Not in release	Vulnerable
golang-1.9	Not in release	Not in release	Not in release	Vulnerable
golang-1.13	Not in release	Vulnerable	Vulnerable	Vulnerable
golang-1.15	—	—	Not in release	Not in release

CVE-2020-29510

Medium priority

Vulnerable

The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways...

8 affected packages

golang-1.10, golang, golang-1.14, golang-1.6, golang-1.8...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-1.10	Not in release	Not in release	Not in release	Vulnerable
golang	Not in release	Not in release	Not in release	Not in release
golang-1.14	Not in release	Not in release	Vulnerable	Not in release
golang-1.6	Not in release	Not in release	Not in release	Not in release
golang-1.8	Not in release	Not in release	Not in release	Vulnerable
golang-1.9	Not in release	Not in release	Not in release	Vulnerable
golang-1.13	Not in release	Vulnerable	Vulnerable	Vulnerable
golang-1.15	—	—	Not in release	Not in release

CVE-2020-29509

Medium priority

Vulnerable

The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways...

8 affected packages

golang, golang-1.10, golang-1.14, golang-1.6, golang-1.8...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang	Not in release	Not in release	Not in release	Not in release
golang-1.10	Not in release	Not in release	Not in release	Vulnerable
golang-1.14	Not in release	Not in release	Vulnerable	Not in release
golang-1.6	Not in release	Not in release	Not in release	Not in release
golang-1.8	Not in release	Not in release	Not in release	Vulnerable
golang-1.9	Not in release	Not in release	Not in release	Vulnerable
golang-1.13	Not in release	Vulnerable	Vulnerable	Vulnerable
golang-1.15	—	—	Not in release	Not in release

Export to JSON

Results by page: