go1.14 (SUSE:Linux Enterprise Module for Development Tools 15 SP1) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Development Tools 15 SP1 package go1.14, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2020-28367 — CVSS 7.5 (high): Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc…
CVE-2020-16845 — CVSS 7.5 (high): Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
CVE-2020-28366 — CVSS 7.5 (high): Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious…
CVE-2020-24553 — CVSS 6.1 (medium): Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.
CVE-2020-15586 — CVSS 5.9 (medium): Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler…
CVE-2020-14039 — CVSS 5.3 (medium): In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if…