Search CVE reports
1 – 10 of 11 results
CVE-2023-3978
Medium priority
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.
4 affected packages
containerd, golang-golang-x-net, golang-golang-x-net-dev, google-guest-agent
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
containerd | Not affected | Not affected | Not affected | Not affected | Not affected |
golang-golang-x-net | Needs evaluation | Needs evaluation | Not in release | Ignored | Ignored |
golang-golang-x-net-dev | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
google-guest-agent | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2022-27664
Medium priority
Some fixes available 15 of 32
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
14 affected packages
containerd, golang, golang-1.10, golang-1.13, golang-1.14...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
containerd | Not affected | Not affected | Not affected | Not affected | Not affected |
golang | — | Not in release | Not in release | Not in release | Ignored |
golang-1.10 | — | Not in release | Not in release | Vulnerable | Vulnerable |
golang-1.13 | Not in release | Fixed | Fixed | Fixed | Fixed |
golang-1.14 | — | Not in release | Vulnerable | Not in release | Ignored |
golang-1.16 | — | Not in release | Fixed | Fixed | Ignored |
golang-1.17 | — | Vulnerable | Not in release | Not in release | Ignored |
golang-1.18 | Not in release | Fixed | Fixed | Fixed | Fixed |
golang-1.6 | — | Not in release | Not in release | Not in release | Vulnerable |
golang-1.8 | — | Not in release | Not in release | Vulnerable | Ignored |
golang-1.9 | — | Not in release | Not in release | Vulnerable | Ignored |
golang-golang-x-net | Not affected | Vulnerable | Not in release | Not in release | Not in release |
golang-golang-x-net-dev | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
google-guest-agent | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
CVE-2021-44716
Medium priority
Some fixes available 5 of 21
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
8 affected packages
golang-1.11, golang-1.15, golang-1.17, golang-1.7, golang-1.8...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-1.11 | Not in release | Not in release | Not in release | Not in release | Ignored |
golang-1.15 | — | — | Not in release | Not in release | Ignored |
golang-1.17 | Not in release | Vulnerable | Not in release | Not in release | Ignored |
golang-1.7 | Not in release | Not in release | Not in release | Not in release | Ignored |
golang-1.8 | Not in release | Not in release | Not in release | Vulnerable | Ignored |
golang-golang-x-net | Not affected | Not affected | Not in release | Not in release | Not in release |
golang-golang-x-net-dev | Not in release | Not in release | Vulnerable | Vulnerable | Needs evaluation |
google-guest-agent | Fixed | Fixed | Fixed | Vulnerable | Vulnerable |
CVE-2021-31525
Low priority
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some...
6 affected packages
golang-1.11, golang-1.15, golang-1.16, golang-golang-x-net, golang-golang-x-net-dev, google-guest-agent
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-1.11 | Not in release | Not in release | Not in release | Not in release | Ignored |
golang-1.15 | — | — | Not in release | Not in release | Ignored |
golang-1.16 | Not in release | Not in release | Needs evaluation | Needs evaluation | Ignored |
golang-golang-x-net | Not affected | Not affected | Not in release | Not in release | Not in release |
golang-golang-x-net-dev | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
google-guest-agent | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
CVE-2021-33194
Medium priority
golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.
3 affected packages
golang-golang-x-net, golang-golang-x-net-dev, google-guest-agent
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-golang-x-net | Needs evaluation | Needs evaluation | Not in release | Not in release | Not in release |
golang-golang-x-net-dev | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
google-guest-agent | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2018-17848
Medium priority
The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in node.go, called from inHeadIM,...
2 affected packages
golang-go.net-dev, golang-golang-x-net-dev
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-go.net-dev | — | — | — | Not in release | Not in release |
golang-golang-x-net-dev | — | — | — | Not affected | Not affected |
CVE-2018-17847
Low priority
The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg></template>, leading to a "panic: runtime error" (index out of range) in (*nodeStack).pop in node.go, called...
2 affected packages
golang-go.net-dev, golang-golang-x-net-dev
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-go.net-dev | — | — | — | Not in release | Not in release |
golang-golang-x-net-dev | — | — | — | Not affected | Not affected |
CVE-2018-17846
Low priority
The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a...
2 affected packages
golang-go.net-dev, golang-golang-x-net-dev
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-go.net-dev | Not in release | Not in release | Not in release | Not in release | Not in release |
golang-golang-x-net-dev | Not in release | Not in release | Vulnerable | Vulnerable | Vulnerable |
CVE-2018-17143
Medium priority
The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call.
1 affected package
golang-golang-x-net-dev
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-golang-x-net-dev | — | — | — | Not affected | Not affected |
CVE-2018-17142
Medium priority
The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call.
1 affected package
golang-golang-x-net-dev
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-golang-x-net-dev | — | — | — | Not affected | Not affected |