Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

61 – 70 of 70 results


CVE-2020-29510

Medium priority
Vulnerable

The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways...

8 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Vulnerable Vulnerable
golang-1.13 Not in release Vulnerable Vulnerable Vulnerable Vulnerable
golang-1.14 Not in release Not in release Vulnerable Not in release Not in release
golang-1.15 Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release Vulnerable
golang-1.8 Not in release Not in release Not in release Vulnerable Not in release
golang-1.9 Not in release Not in release Not in release Vulnerable Not in release
Show all 8 packages Show less packages

CVE-2020-29509

Medium priority
Vulnerable

The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways...

8 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Vulnerable Vulnerable
golang-1.13 Not in release Vulnerable Vulnerable Vulnerable Vulnerable
golang-1.14 Not in release Not in release Vulnerable Not in release Not in release
golang-1.15 Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release Vulnerable
golang-1.8 Not in release Not in release Not in release Vulnerable Not in release
golang-1.9 Not in release Not in release Not in release Vulnerable Not in release
Show all 8 packages Show less packages

CVE-2020-28367

Medium priority
Vulnerable

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.

8 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Vulnerable Needs evaluation
golang-1.13 Not in release Vulnerable Vulnerable Vulnerable Vulnerable
golang-1.14 Not in release Not in release Vulnerable Not in release Not in release
golang-1.15 Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Needs evaluation Not in release
golang-1.9 Not in release Not in release Not in release Vulnerable Not in release
Show all 8 packages Show less packages

CVE-2020-28366

Medium priority
Vulnerable

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.

8 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Vulnerable Vulnerable
golang-1.13 Not in release Vulnerable Vulnerable Vulnerable Vulnerable
golang-1.14 Not in release Not in release Vulnerable Not in release Not in release
golang-1.15 Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Vulnerable Not in release
golang-1.9 Not in release Not in release Not in release Vulnerable Not in release
Show all 8 packages Show less packages

CVE-2020-28362

Medium priority
Vulnerable

Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.

8 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Not affected Not affected
golang-1.13 Not in release Not affected Not affected Not affected Not affected
golang-1.14 Not in release Not in release Vulnerable Not in release Not in release
golang-1.15 Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release Not affected
golang-1.8 Not in release Not in release Not in release Not affected Not in release
golang-1.9 Not in release Not in release Not in release Not affected Not in release
Show all 8 packages Show less packages

CVE-2020-24553

Low priority

Some fixes available 5 of 17

Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.

8 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Fixed Fixed
golang-1.13 Not in release Vulnerable Vulnerable Vulnerable Vulnerable
golang-1.14 Not in release Not in release Fixed Not in release Not in release
golang-1.15 Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Needs evaluation Not in release
golang-1.9 Not in release Not in release Not in release Needs evaluation Not in release
Show all 8 packages Show less packages

CVE-2020-16845

Low priority

Some fixes available 7 of 17

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.

8 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Vulnerable Needs evaluation
golang-1.13 Not in release Fixed Fixed Fixed Fixed
golang-1.14 Not in release Not in release Vulnerable Not in release Not in release
golang-1.15 Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Vulnerable Not in release
golang-1.9 Not in release Not in release Not in release Vulnerable Not in release
Show all 8 packages Show less packages

CVE-2020-15586

Low priority

Some fixes available 2 of 18

Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.

8 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Vulnerable Needs evaluation
golang-1.13 Not in release Vulnerable Vulnerable Vulnerable Vulnerable
golang-1.14 Not in release Not in release Vulnerable Not in release Not in release
golang-1.15 Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Vulnerable Not in release
golang-1.9 Not in release Not in release Not in release Vulnerable Not in release
Show all 8 packages Show less packages

CVE-2020-14039

Medium priority
Ignored

In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate...

10 affected packages

golang, golang-1.10, golang-1.11, golang-1.12, golang-1.13...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release
golang-1.10 Not in release Not affected Not affected
golang-1.11 Not in release Not in release Not in release
golang-1.12 Not in release Not in release Not in release
golang-1.13 Not affected Not affected Not affected
golang-1.14 Not affected Not in release Not in release
golang-1.15 Not in release Not in release Not in release
golang-1.6 Not in release Not in release Not affected
golang-1.8 Not in release Not affected Not in release
golang-1.9 Not in release Not affected Not in release
Show all 10 packages Show less packages

CVE-2020-7919

Medium priority

Some fixes available 3 of 12

Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.

9 affected packages

golang, golang-1.10, golang-1.11, golang-1.12, golang-1.13...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Vulnerable Needs evaluation
golang-1.11 Not in release Not in release Not in release Not in release Not in release
golang-1.12 Not in release Not in release Not in release Not in release Not in release
golang-1.13 Not in release Not affected Not affected Vulnerable Vulnerable
golang-1.14 Not in release Not in release Fixed Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release Not affected
golang-1.8 Not in release Not in release Not in release Not affected Not in release
golang-1.9 Not in release Not in release Not in release Not affected Not in release
Show all 9 packages Show less packages