Search CVE reports
91 – 100 of 105 results
Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program...
8 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang | — | — | Not in release | Not in release |
| golang-1.10 | — | — | Not in release | Not affected |
| golang-1.13 | — | — | Not affected | Not affected |
| golang-1.14 | — | — | Not affected | Not in release |
| golang-1.15 | — | — | Not in release | Not in release |
| golang-1.6 | — | — | Not in release | Not in release |
| golang-1.8 | — | — | Not in release | Not affected |
| golang-1.9 | — | — | Not in release | Not affected |
In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.
8 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.13 | Not in release | Vulnerable | Vulnerable | Vulnerable |
| golang-1.14 | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.15 | — | — | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable |
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during...
8 affected packages
golang, golang-1.10, golang-1.14, golang-1.6, golang-1.8...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.14 | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.13 | Not in release | Vulnerable | Vulnerable | Vulnerable |
| golang-1.15 | — | — | Not in release | Not in release |
The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways...
8 affected packages
golang-1.10, golang, golang-1.14, golang-1.6, golang-1.8...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable |
| golang | Not in release | Not in release | Not in release | Not in release |
| golang-1.14 | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.13 | Not in release | Vulnerable | Vulnerable | Vulnerable |
| golang-1.15 | — | — | Not in release | Not in release |
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways...
8 affected packages
golang, golang-1.10, golang-1.14, golang-1.6, golang-1.8...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.14 | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.13 | Not in release | Vulnerable | Vulnerable | Vulnerable |
| golang-1.15 | — | — | Not in release | Not in release |
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.
8 affected packages
golang, golang-1.10, golang-1.14, golang-1.6, golang-1.8...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.14 | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.13 | Not in release | Vulnerable | Vulnerable | Vulnerable |
| golang-1.15 | — | — | Not in release | Not in release |
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.
8 affected packages
golang, golang-1.6, golang-1.10, golang-1.14, golang-1.8...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.14 | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.13 | Not in release | Vulnerable | Vulnerable | Vulnerable |
| golang-1.15 | — | — | Not in release | Not in release |
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.
8 affected packages
golang, golang-1.6, golang-1.10, golang-1.13, golang-1.15...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Not affected |
| golang-1.13 | Not in release | Not affected | Not affected | Not affected |
| golang-1.15 | — | — | Not in release | Not in release |
| golang-1.14 | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Not affected |
| golang-1.9 | Not in release | Not in release | Not in release | Not affected |
Some fixes available 5 of 17
Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.
8 affected packages
golang-1.10, golang-1.15, golang-1.8, golang-1.14, golang...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-1.10 | Not in release | Not in release | Not in release | Fixed |
| golang-1.15 | — | — | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Fixed | Not in release |
| golang | Not in release | Not in release | Not in release | Not in release |
| golang-1.13 | Not in release | Vulnerable | Vulnerable | Vulnerable |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| golang-1.9 | Not in release | Not in release | Not in release | Needs evaluation |
Some fixes available 7 of 17
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
8 affected packages
golang-1.13, golang, golang-1.10, golang-1.14, golang-1.15...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-1.13 | Not in release | Fixed | Fixed | Fixed |
| golang | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.14 | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.15 | — | — | Not in release | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.9 | Not in release | Not in release | Not in release | Vulnerable |