CVE search results

11 – 16 of 16 results

Detailed view

Sort by:

CVE-2022-29583

Medium priority

Ignored

service_windows.go in the kardianos service package for Go omits quoting that is sometimes needed for execution of a Windows service executable from the intended directory. NOTE: this finding could not be reproduced by...

2 affected packages

golang-github-kardianos-service, google-guest-agent

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-github-kardianos-service	—	Not affected	Not affected	Not in release
google-guest-agent	—	Not affected	Not affected	Not affected

CVE-2021-44716

Medium priority

Some fixes available 7 of 23

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.

8 affected packages

golang-1.11, golang-1.17, golang-1.7, golang-1.8, golang-golang-x-net...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-1.11	Not in release	Not in release	Not in release	Not in release
golang-1.17	Not in release	Vulnerable	Not in release	Not in release
golang-1.7	Not in release	Not in release	Not in release	Not in release
golang-1.8	Not in release	Not in release	Not in release	Vulnerable
golang-golang-x-net	Not affected	Not affected	Not in release	Not in release
golang-golang-x-net-dev	Not in release	Not in release	Vulnerable	Vulnerable
google-guest-agent	Fixed	Fixed	Fixed	Vulnerable
golang-1.15	—	—	Not in release	Not in release

CVE-2021-31525

Low priority

Needs evaluation

net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some...

6 affected packages

golang-1.11, golang-1.15, golang-1.16, golang-golang-x-net, golang-golang-x-net-dev, google-guest-agent

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-1.11	Not in release	Not in release	Not in release	Not in release
golang-1.15	—	—	Not in release	Not in release
golang-1.16	Not in release	Not in release	Needs evaluation	Needs evaluation
golang-golang-x-net	Not affected	Not affected	Not in release	Not in release
golang-golang-x-net-dev	Not in release	Not in release	Needs evaluation	Needs evaluation
google-guest-agent	Not affected	Not affected	Not affected	Not affected

CVE-2021-33194

Medium priority

Needs evaluation

golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.

3 affected packages

golang-golang-x-net-dev, google-guest-agent, golang-golang-x-net

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
golang-golang-x-net-dev	Not in release	Not in release	Needs evaluation	Needs evaluation
google-guest-agent	Not affected	Not affected	Not affected	Not affected
golang-golang-x-net	Needs evaluation	Needs evaluation	Not in release	Not in release

CVE-2020-28852

Low priority

Some fixes available 3 of 9

In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)

3 affected packages

google-guest-agent, golang-x-text, golang-golang-x-text

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
google-guest-agent	Not affected	Not affected	Not affected	Not affected
golang-x-text	Not in release	Not in release	Vulnerable	Fixed
golang-golang-x-text	Not affected	Not affected	Fixed	Not in release

CVE-2020-28851

Low priority

Some fixes available 3 of 10

In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)

3 affected packages

google-guest-agent, golang-x-text, golang-golang-x-text

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
google-guest-agent	Not affected	Not affected	Not affected	Not affected
golang-x-text	Not in release	Not in release	Vulnerable	Fixed
golang-golang-x-text	Not affected	Not affected	Fixed	Not in release

Export to JSON

Results by page:

Search CVE reports