VYPR

rpm package

suse/go1.14&distro=SUSE Linux Enterprise Module for Development Tools 15 SP1

pkg:rpm/suse/go1.14&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1

Vulnerabilities (7)

  • CVE-2020-28362Nov 18, 2020
    affected < 1.14.12-1.26.1fixed 1.14.12-1.26.1

    Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.

  • CVE-2020-28367Nov 18, 2020
    affected < 1.14.12-1.26.1fixed 1.14.12-1.26.1

    Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.

  • CVE-2020-28366Nov 18, 2020
    affected < 1.14.12-1.26.1fixed 1.14.12-1.26.1

    Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.

  • CVE-2020-24553Sep 2, 2020
    affected < 1.14.9-1.18.1fixed 1.14.9-1.18.1

    Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.

  • CVE-2020-16845Aug 6, 2020
    affected < 1.14.7-1.15.1fixed 1.14.7-1.15.1

    Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.

  • CVE-2020-14039Jul 17, 2020
    affected < 1.14.7-1.15.1fixed 1.14.7-1.15.1

    In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete.

  • CVE-2020-15586Jul 17, 2020
    affected < 1.14.7-1.15.1fixed 1.14.7-1.15.1

    Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.