Developer Tools Red Hat Developer Tools

Do you want an email whenever new security vulnerabilities are reported in Red Hat Developer Tools?

By the Year

In 2021 there have been 0 vulnerabilities in Red Hat Developer Tools . Developer Tools did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2021 0 0.00
2020 0 0.00
2019 4 7.15
2018 0 0.00

It may take a day or so for new Developer Tools vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Red Hat Developer Tools Security Vulnerabilities

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key

CVE-2019-17596 7.5 - High - October 24, 2019

Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.

Interpretation Conflict

Go before 1.12.10 and 1.13.x before 1.13.1

CVE-2019-16276 7.5 - High - September 30, 2019

Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.

HTTP Request Smuggling

A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20

CVE-2018-16871 7.5 - High - July 30, 2019

A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost.

NULL Pointer Dereference

An issue was discovered in net/http in Go 1.11.5

CVE-2019-9741 6.1 - Medium - March 13, 2019

An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command.

CRLF Injection

Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution

CVE-2017-15041 9.8 - Critical - October 05, 2017

Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git checkout in its pkg2 directory and some other work is done to ensure the proper ordering of operations, "go get" can be tricked into reusing this Git checkout for the fetch of code from pkg2. If the Subversion repository's Git checkout has malicious commands in .git/hooks/, they will execute on the system running "go get."

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Red Hat Enterprise Linux Tus or by Red Hat? Click the Watch button to subscribe.

Red Hat
Vendor

subscribe