Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

11 – 16 of 16 results


CVE-2023-45288

Medium priority

Some fixes available 2 of 24

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames...

14 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Needs evaluation Not in release
golang-1.18 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.19 Not in release Not in release Not in release
golang-1.20 Not in release Needs evaluation Needs evaluation
golang-1.21 Not affected Fixed Fixed
golang-1.22 Not affected Not affected Not affected
golang-1.6 Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Not in release Needs evaluation
Show all 14 packages Show less packages

CVE-2024-24785

Medium priority

Some fixes available 3 of 21

If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content...

13 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation Not in release Not in release
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation Not in release
golang-1.17 Not in release Fixed Not in release Not in release Not in release
golang-1.18 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.19 Not in release Not in release Not in release
golang-1.21 Not affected Fixed Fixed
golang-1.22 Not affected Not affected Not affected
golang-1.6 Not in release Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Needs evaluation Not in release
golang-1.9 Not in release Not in release Not in release Needs evaluation Not in release
Show all 13 packages Show less packages

CVE-2024-24784

Medium priority

Some fixes available 2 of 24

The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by...

14 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Needs evaluation Not in release
golang-1.18 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.19 Not in release Not in release Not in release
golang-1.20 Not in release Needs evaluation Needs evaluation
golang-1.21 Not affected Fixed Fixed
golang-1.22 Not affected Not affected Not affected
golang-1.6 Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Not in release Needs evaluation
Show all 14 packages Show less packages

CVE-2024-24783

Medium priority

Some fixes available 2 of 24

Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth...

14 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Needs evaluation Not in release
golang-1.18 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.19 Not in release Not in release Not in release
golang-1.20 Not in release Needs evaluation Needs evaluation
golang-1.21 Not affected Fixed Fixed
golang-1.22 Not affected Not affected Not affected
golang-1.6 Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Not in release Needs evaluation
Show all 14 packages Show less packages

CVE-2023-45290

Medium priority

Some fixes available 2 of 24

When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to...

14 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Needs evaluation Not in release
golang-1.18 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.19 Not in release Not in release Not in release
golang-1.20 Not in release Needs evaluation Needs evaluation
golang-1.21 Not affected Fixed Fixed
golang-1.22 Not affected Not affected Not affected
golang-1.6 Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Not in release Needs evaluation
Show all 14 packages Show less packages

CVE-2023-45289

Medium priority

Some fixes available 2 of 24

When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from...

14 affected packages

golang, golang-1.10, golang-1.13, golang-1.14, golang-1.16...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang Not in release Not in release Not in release
golang-1.10 Not in release Not in release Not in release Needs evaluation Needs evaluation
golang-1.13 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.14 Not in release Not in release Needs evaluation
golang-1.16 Not in release Not in release Needs evaluation Needs evaluation
golang-1.17 Not in release Needs evaluation Not in release
golang-1.18 Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
golang-1.19 Not in release Not in release Not in release
golang-1.20 Not in release Needs evaluation Needs evaluation
golang-1.21 Not affected Fixed Fixed
golang-1.22 Not affected Not affected Not affected
golang-1.6 Not in release Not in release Not in release Needs evaluation
golang-1.8 Not in release Not in release Not in release Needs evaluation
golang-1.9 Not in release Not in release Not in release Needs evaluation
Show all 14 packages Show less packages