VYPR

rpm package

opensuse/go1.14&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/go1.14&distro=openSUSE%20Tumbleweed

Vulnerabilities (9)

  • CVE-2021-3114Jan 26, 2021
    affected < 1.14.15-1.6fixed 1.14.15-1.6

    In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.

  • CVE-2021-3115Jan 26, 2021
    affected < 1.14.15-1.6fixed 1.14.15-1.6

    Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download).

  • CVE-2020-28362Nov 18, 2020
    affected < 1.14.15-1.6fixed 1.14.15-1.6

    Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.

  • CVE-2020-28367Nov 18, 2020
    affected < 1.14.15-1.6fixed 1.14.15-1.6

    Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.

  • CVE-2020-28366Nov 18, 2020
    affected < 1.14.15-1.6fixed 1.14.15-1.6

    Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.

  • CVE-2020-24553Sep 2, 2020
    affected < 1.14.15-1.6fixed 1.14.15-1.6

    Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.

  • CVE-2020-16845Aug 6, 2020
    affected < 1.14.15-1.6fixed 1.14.15-1.6

    Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.

  • CVE-2020-14039Jul 17, 2020
    affected < 1.14.15-1.6fixed 1.14.15-1.6

    In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete.

  • CVE-2020-15586Jul 17, 2020
    affected < 1.14.15-1.6fixed 1.14.15-1.6

    Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.