rpm package
opensuse/go1.4&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/go1.4&distro=openSUSE%20Tumbleweed
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-15042 | Med | 5.9 | < 1.4.3-12.2 | 1.4.3-12.2 | Oct 5, 2017 | An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, | |
| CVE-2017-15041 | Cri | 9.8 | < 1.4.3-12.2 | 1.4.3-12.2 | Oct 5, 2017 | Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository in | |
| CVE-2016-5386 | Hig | 8.1 | < 1.4.3-12.2 | 1.4.3-12.2 | Jul 19, 2016 | The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to | |
| CVE-2014-7189 | — | < 1.4.3-12.2 | 1.4.3-12.2 | Oct 7, 2014 | crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors. |
- affected < 1.4.3-12.2fixed 1.4.3-12.2
An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement,
- affected < 1.4.3-12.2fixed 1.4.3-12.2
Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository in
- affected < 1.4.3-12.2fixed 1.4.3-12.2
The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to
- CVE-2014-7189Oct 7, 2014affected < 1.4.3-12.2fixed 1.4.3-12.2
crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors.