Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

61 – 70 of 72 results

CVE-2021-41772

Medium priority
Needs evaluation

Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.

6 affected packages

golang-1.11, golang-1.15, golang-1.16, golang-1.17, golang-1.7, golang-1.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-1.11 Ignored
golang-1.15 Ignored
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation Ignored
golang-1.17 Not in release Needs evaluation Ignored
golang-1.7 Ignored
golang-1.8 Needs evaluation Ignored
Show less packages

CVE-2021-41771

Low priority
Needs evaluation

ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.

6 affected packages

golang-1.11, golang-1.15, golang-1.16, golang-1.17, golang-1.7, golang-1.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-1.11 Ignored
golang-1.15 Ignored
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation Ignored
golang-1.17 Not in release Needs evaluation Ignored
golang-1.7 Ignored
golang-1.8 Needs evaluation Ignored
Show less packages

CVE-2021-38297

Medium priority
Needs evaluation

Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.

9 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation Not in release Not in release
golang-1.15 Not in release Not in release Not in release
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation Ignored
golang-1.6 Not in release Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Needs evaluation Not in release
golang-1.9 Not in release Not in release Not in release Needs evaluation Not in release
Show all 9 packages Show less packages

CVE-2021-36221

Medium priority
Needs evaluation

Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.

9 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation Not in release Not in release
golang-1.15 Not in release Not in release Not in release
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation Ignored
golang-1.6 Not in release Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Needs evaluation Not in release
golang-1.9 Not in release Not in release Not in release Needs evaluation Not in release
Show all 9 packages Show less packages

CVE-2021-29923

Medium priority
Needs evaluation

Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of...

9 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation Not in release Not in release
golang-1.15 Not in release Not in release Not in release
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation Ignored
golang-1.6 Not in release Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Needs evaluation Not in release
golang-1.9 Not in release Not in release Not in release Needs evaluation Not in release
Show all 9 packages Show less packages

CVE-2021-33198

Low priority
Needs evaluation

In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.

5 affected packages

golang-1.11, golang-1.15, golang-1.16, golang-1.7, golang-1.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-1.11 Not in release Not in release Not in release Not in release Ignored
golang-1.15 Not in release Not in release Ignored
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation Ignored
golang-1.7 Not in release Not in release Not in release Not in release Ignored
golang-1.8 Not in release Not in release Not in release Needs evaluation Ignored
Show less packages

CVE-2021-33197

Medium priority
Needs evaluation

In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.

5 affected packages

golang-1.11, golang-1.15, golang-1.16, golang-1.7, golang-1.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-1.11 Not in release Not in release Not in release Not in release Ignored
golang-1.15 Not in release Not in release Ignored
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation Ignored
golang-1.7 Not in release Not in release Not in release Not in release Ignored
golang-1.8 Not in release Not in release Not in release Needs evaluation Ignored
Show less packages

CVE-2021-33196

Medium priority
Needs evaluation

In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.

5 affected packages

golang-1.11, golang-1.15, golang-1.16, golang-1.7, golang-1.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-1.11 Not in release Not in release Not in release Not in release Ignored
golang-1.15 Not in release Not in release Ignored
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation Ignored
golang-1.7 Not in release Not in release Not in release Not in release Ignored
golang-1.8 Not in release Not in release Not in release Needs evaluation Ignored
Show less packages

CVE-2021-33195

Medium priority
Needs evaluation

Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format.

5 affected packages

golang-1.11, golang-1.15, golang-1.16, golang-1.7, golang-1.8

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-1.11 Not in release Not in release Not in release Not in release Ignored
golang-1.15 Not in release Not in release Ignored
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation Ignored
golang-1.7 Not in release Not in release Not in release Not in release Ignored
golang-1.8 Not in release Not in release Not in release Needs evaluation Ignored
Show less packages

CVE-2021-34558

Medium priority
Needs evaluation

The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS...

9 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation Not in release Not in release
golang-1.15 Not in release Not in release Not in release
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation Ignored
golang-1.6 Not in release Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Needs evaluation Not in release
golang-1.9 Not in release Not in release Not in release Needs evaluation Not in release
Show all 9 packages Show less packages
  1. Previous page
  2. 4
  3. 5
  4. 6
  5. 7
  6. 8
  7. Next page
Export to JSON