Search CVE reports


Toggle filters

11 – 20 of 64 results


CVE-2023-45288

Medium priority

Some fixes available 7 of 24

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames...

14 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Fixed Not in release
golang-1.18 Not in release Fixed Fixed Fixed Fixed
golang-1.19 Not in release Not in release Not in release
golang-1.20 Not in release Needs evaluation Needs evaluation
golang-1.21 Not affected Fixed Fixed
golang-1.22 Not affected Not affected Not affected
golang-1.6 Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Not in release Needs evaluation
Show all 14 packages Show less packages

CVE-2024-24785

Medium priority

Some fixes available 7 of 21

If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content...

13 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation Not in release Not in release
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation Not in release
golang-1.17 Not in release Fixed Not in release Not in release Not in release
golang-1.18 Not in release Fixed Fixed Fixed Fixed
golang-1.19 Not in release Not in release Not in release
golang-1.21 Not affected Fixed Fixed
golang-1.22 Not affected Not affected Not affected
golang-1.6 Not in release Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Needs evaluation Not in release
golang-1.9 Not in release Not in release Not in release Needs evaluation Not in release
Show all 13 packages Show less packages

CVE-2024-24784

Medium priority

Some fixes available 7 of 24

The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by...

14 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Fixed Not in release
golang-1.18 Not in release Fixed Fixed Fixed Fixed
golang-1.19 Not in release Not in release Not in release
golang-1.20 Not in release Needs evaluation Needs evaluation
golang-1.21 Not affected Fixed Fixed
golang-1.22 Not affected Not affected Not affected
golang-1.6 Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Not in release Needs evaluation
Show all 14 packages Show less packages

CVE-2024-24783

Medium priority

Some fixes available 7 of 24

Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth...

14 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Fixed Not in release
golang-1.18 Not in release Fixed Fixed Fixed Fixed
golang-1.19 Not in release Not in release Not in release
golang-1.20 Not in release Needs evaluation Needs evaluation
golang-1.21 Not affected Fixed Fixed
golang-1.22 Not affected Not affected Not affected
golang-1.6 Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Not in release Needs evaluation
Show all 14 packages Show less packages

CVE-2023-45290

Medium priority

Some fixes available 7 of 24

When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to...

14 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Fixed Not in release
golang-1.18 Not in release Fixed Fixed Fixed Fixed
golang-1.19 Not in release Not in release Not in release
golang-1.20 Not in release Needs evaluation Needs evaluation
golang-1.21 Not affected Fixed Fixed
golang-1.22 Not affected Not affected Not affected
golang-1.6 Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Not in release Needs evaluation
Show all 14 packages Show less packages

CVE-2023-45289

Medium priority

Some fixes available 2 of 24

When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from...

14 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Needs evaluation Not in release
golang-1.18 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.19 Not in release Not in release Not in release
golang-1.20 Not in release Needs evaluation Needs evaluation
golang-1.21 Not affected Fixed Fixed
golang-1.22 Not affected Not affected Not affected
golang-1.6 Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Not in release Needs evaluation
Show all 14 packages Show less packages

CVE-2023-45284

Medium priority
Needs evaluation

On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3,...

13 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release Ignored Ignored
golang-1.10 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation Not in release Not in release
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation Not in release
golang-1.17 Not in release Needs evaluation Not in release Not in release Not in release
golang-1.18 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.19 Not in release Not in release Not in release Not in release Not in release
golang-1.20 Not in release Not affected Not affected Not in release Not in release
golang-1.21 Not affected Not affected Not affected Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Needs evaluation Not in release
golang-1.9 Not in release Not in release Not in release Needs evaluation Not in release
Show all 13 packages Show less packages

CVE-2023-45283

Medium priority
Needs evaluation

The filepath package does not recognize paths with a \??\ prefix as special. On Windows, a path beginning with \??\ is a Root Local Device path equivalent to a path beginning with \\?\. Paths with a \??\ prefix may be used to...

13 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release Ignored Ignored
golang-1.10 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation Not in release Not in release
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation Not in release
golang-1.17 Not in release Needs evaluation Not in release Not in release Not in release
golang-1.18 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.19 Not in release Not in release Not in release Not in release Not in release
golang-1.20 Not in release Not affected Not affected Not in release Not in release
golang-1.21 Not affected Not affected Not affected Not in release Not in release
golang-1.6 Not in release Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Needs evaluation Not in release
golang-1.9 Not in release Not in release Not in release Needs evaluation Not in release
Show all 13 packages Show less packages

CVE-2023-39325

Medium priority

Some fixes available 13 of 27

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting,...

13 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation Not in release Not in release
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation Not in release
golang-1.17 Not in release Fixed Not in release Not in release Not in release
golang-1.18 Not in release Fixed Fixed Fixed Fixed
golang-1.19 Not in release Not in release Not in release Ignored Ignored
golang-1.20 Not in release Fixed Fixed Ignored Ignored
golang-1.21 Not affected Fixed Fixed Ignored Ignored
golang-1.6 Not in release Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Needs evaluation Not in release
golang-1.9 Not in release Not in release Not in release Needs evaluation Not in release
Show all 13 packages Show less packages

CVE-2023-39323

Medium priority

Some fixes available 13 of 14

Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code...

5 affected packages

golang-1.17, golang-1.18, golang-1.19, golang-1.20, golang-1.21

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-1.17 Not in release Fixed Not in release
golang-1.18 Not in release Fixed Fixed Fixed Fixed
golang-1.19 Not in release Not in release Not in release Ignored Ignored
golang-1.20 Not in release Fixed Fixed Ignored Ignored
golang-1.21 Not affected Fixed Fixed Ignored Ignored
Show less packages