CVE search results

271 – 280 of 369 results

Detailed view

Sort by:

CVE-2021-3127

Medium priority

Vulnerable

NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled.

1 affected package

golang-github-nats-io-jwt

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-github-nats-io-jwt	Not affected	Vulnerable	Vulnerable	Not in release

archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename.

8 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang	Not in release	Not in release	Not in release	Not in release
golang-1.10	Not in release	Not in release	Not in release	Needs evaluation
golang-1.13	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
golang-1.14	Not in release	Not in release	Needs evaluation	Not in release
golang-1.15	—	—	Not in release	Not in release
golang-1.6	Not in release	Not in release	Not in release	Not in release
golang-1.8	Not in release	Not in release	Not in release	Needs evaluation
golang-1.9	Not in release	Not in release	Not in release	Needs evaluation

CVE-2021-27918

Medium priority

Needs evaluation

encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method.

8 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang	Not in release	Not in release	Not in release	Not in release
golang-1.10	Not in release	Not in release	Not in release	Needs evaluation
golang-1.13	Not in release	Needs evaluation	Needs evaluation	Needs evaluation
golang-1.14	Not in release	Not in release	Needs evaluation	Not in release
golang-1.15	—	—	Not in release	Not in release
golang-1.6	Not in release	Not in release	Not in release	Not in release
golang-1.8	Not in release	Not in release	Not in release	Needs evaluation
golang-1.9	Not in release	Not in release	Not in release	Needs evaluation

CVE-2021-23351

Medium priority

Vulnerable

The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable to Denial of Service (DoS) via the parseVersion1() function. The reader in this package is a default bufio.Reader wrapping a net.Conn. It will read from the...

1 affected package

golang-github-pires-go-proxyproto

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-github-pires-go-proxyproto	Not affected	Vulnerable	Not in release	Not in release

CVE-2021-3115

Medium priority

Not affected

Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get" command to fetch modules that make use of cgo (for example, cgo can execute a gcc program...

8 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang	—	—	Not in release	Not in release
golang-1.10	—	—	Not in release	Not affected
golang-1.13	—	—	Not affected	Not affected
golang-1.14	—	—	Not affected	Not in release
golang-1.15	—	—	Not in release	Not in release
golang-1.6	—	—	Not in release	Not in release
golang-1.8	—	—	Not in release	Not affected
golang-1.9	—	—	Not in release	Not affected

CVE-2021-3114

Medium priority

Vulnerable

In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.

8 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.15...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang	Not in release	Not in release	Not in release	Not in release
golang-1.10	Not in release	Not in release	Not in release	Vulnerable
golang-1.13	Not in release	Vulnerable	Vulnerable	Vulnerable
golang-1.14	Not in release	Not in release	Vulnerable	Not in release
golang-1.15	—	—	Not in release	Not in release
golang-1.6	Not in release	Not in release	Not in release	Not in release
golang-1.8	Not in release	Not in release	Not in release	Vulnerable
golang-1.9	Not in release	Not in release	Not in release	Vulnerable

CVE-2020-28483

Medium priority

Needs evaluation

This affects all versions of package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header.

1 affected package

golang-github-gin-gonic-gin

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-github-gin-gonic-gin	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2021-3121

Medium priority

Some fixes available 10 of 14

An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue.

1 affected package

golang-gogoprotobuf

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-gogoprotobuf	Fixed	Fixed	Needs evaluation	Needs evaluation

CVE-2020-36067

Medium priority

Needs evaluation

GJSON <=v1.6.5 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a crafted GET call.

1 affected package

golang-github-tidwall-gjson

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-github-tidwall-gjson	Needs evaluation	Needs evaluation	Needs evaluation	Not in release

CVE-2020-36066

Medium priority

Needs evaluation

GJSON <1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON.

1 affected package

golang-github-tidwall-gjson

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-github-tidwall-gjson	Needs evaluation	Needs evaluation	Needs evaluation	Not in release

Export to JSON

Results by page:

Search CVE reports

CVE-2021-3127

CVE-2021-27919

CVE-2021-27918

CVE-2021-23351

CVE-2021-3115

CVE-2021-3114

CVE-2020-28483

CVE-2021-3121

CVE-2020-36067

CVE-2020-36066