go1.15 (SUSE:Linux Enterprise Module for Development Tools 15 SP2) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Development Tools 15 SP2 package go1.15, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2021-33196 — CVSS 7.5 (high): In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or…
CVE-2020-28366 — CVSS 7.5 (high): Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious…
CVE-2020-28367 — CVSS 7.5 (high): Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc…
CVE-2021-27918 — CVSS 7.5 (high): encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns…
CVE-2021-33198 — CVSS 7.5 (high): In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText…
CVE-2021-3115 — CVSS 7.5 (high): Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the "go get"…
CVE-2021-33195 — CVSS 7.3 (high): Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return…
CVE-2021-3114 — CVSS 6.5 (medium): In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the…
CVE-2021-34558 — CVSS 6.5 (medium): The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the…
CVE-2020-24553 — CVSS 6.1 (medium): Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.
CVE-2021-36221 — CVSS 5.9 (medium): Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an…
CVE-2021-31525 — CVSS 5.9 (medium): net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to…
CVE-2021-33197 — CVSS 5.3 (medium): In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an…