NVD - Results

Sort results by:

Search Results (Refine Search)

Search Parameters:

Results Type: Overview
Keyword (text search): cpe:2.3:a:golang:go:1.14.0:*:*:*:*:*:*:*
CPE Name Search: true

There are 86 matching records.

Displaying matches 81 through 86.

Vuln ID	Summary	CVSS Severity
CVE-2020-28366	Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. Published: November 18, 2020; 12:15:11 PM -0500	V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.1 MEDIUM
CVE-2020-28362	Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. Published: November 18, 2020; 12:15:11 PM -0500	V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM
CVE-2020-24553	Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. Published: September 02, 2020; 1:15:12 PM -0400	V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM
CVE-2020-16845	Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs. Published: August 06, 2020; 2:15:13 PM -0400	V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM
CVE-2020-15586	Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time. Published: July 17, 2020; 12:15:11 PM -0400	V4.0:(not available) V3.1: 5.9 MEDIUM V2.0: 4.3 MEDIUM
CVE-2020-14039	In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete. Published: July 17, 2020; 12:15:11 PM -0400	V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM