Search CVE reports
81 – 84 of 84 results
Some fixes available 8 of 21
The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts,...
13 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.13 | Not in release | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
| golang-1.14 | Not in release | Not in release | Not in release | Needs evaluation | Not in release |
| golang-1.16 | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
| golang-1.17 | Not in release | Not in release | Fixed | Not in release | Not in release |
| golang-1.18 | Not in release | Not in release | Fixed | Fixed | Fixed |
| golang-1.19 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.20 | Not in release | Not in release | Fixed | Fixed | Not in release |
| golang-1.21 | Not in release | Not affected | Not affected | Not affected | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| golang-1.9 | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
Some fixes available 6 of 18
A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This...
14 affected packages
containerd, golang, golang-1.10, golang-1.13, golang-1.14...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| containerd | Not affected | Not affected | Not affected | Not affected | Not affected |
| golang | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.13 | Not in release | Not in release | Vulnerable | Vulnerable | Vulnerable |
| golang-1.14 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.16 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
| golang-1.17 | Not in release | Not in release | Fixed | Not in release | Not in release |
| golang-1.18 | Not in release | Not in release | Fixed | Fixed | Fixed |
| golang-1.19 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.20 | Not in release | Not in release | Not affected | Not affected | Not in release |
| golang-1.21 | Not in release | Not affected | Not affected | Not affected | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.9 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
Some fixes available 6 of 12
Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all...
13 affected packages
golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Not in release | Not affected |
| golang-1.13 | Not in release | Not in release | Vulnerable | Vulnerable | Vulnerable |
| golang-1.14 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.16 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
| golang-1.17 | Not in release | Not in release | Fixed | Not in release | Not in release |
| golang-1.18 | Not in release | Not in release | Fixed | Fixed | Fixed |
| golang-1.19 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.20 | Not in release | Not in release | Not affected | Not affected | Not in release |
| golang-1.21 | Not in release | Not affected | Not affected | Not affected | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Not in release | Not affected |
| golang-1.9 | Not in release | Not in release | Not in release | Not in release | Not affected |
Some fixes available 23 of 38
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.
20 affected packages
adsys, containerd, golang, golang-1.10, golang-1.13...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| adsys | Not affected | Not affected | Not affected | Fixed | — |
| containerd | Not affected | Not affected | Not affected | Not affected | Not affected |
| golang | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.10 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.13 | Not in release | Not in release | Vulnerable | Vulnerable | Vulnerable |
| golang-1.14 | Not in release | Not in release | Not in release | Vulnerable | Not in release |
| golang-1.16 | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
| golang-1.17 | Not in release | Not in release | Fixed | Not in release | Not in release |
| golang-1.18 | Not in release | Not in release | Fixed | Fixed | Fixed |
| golang-1.19 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.20 | Not in release | Not in release | Not affected | Not affected | Not in release |
| golang-1.21 | Not in release | Not affected | Not affected | Not affected | Not in release |
| golang-1.6 | Not in release | Not in release | Not in release | Not in release | Not in release |
| golang-1.8 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| golang-1.9 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| golang-golang-x-net | Not affected | Not affected | Fixed | Not in release | Not in release |
| golang-golang-x-net-dev | Not in release | Not in release | Not in release | Fixed | Fixed |
| google-guest-agent | Fixed | Fixed | Fixed | Fixed | Fixed |
| juju-core | Not in release | Not in release | Not in release | — | — |
| lxd | Not in release | Not in release | Not in release | Not affected | Fixed |