Lucene search
+L

18 matches found

nessus
nessus
added 2025/03/05 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2022-41720

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a...

7.5CVSS7.3AI score0.0119EPSS
Exploits0References2
openvas
openvas
added 2023/05/31 12:0 a.m.22 views

SUSE: Security Advisory (SUSE-SU-2023:2312-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS8.9AI score0.0995EPSS
Exploits9References34
openvas
openvas
added 2023/03/28 12:0 a.m.29 views

SUSE: Security Advisory (SUSE-SU-2023:0871-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7AI score0.04561EPSS
Exploits0References9
osv
osv
added 2023/03/22 1:33 p.m.4 views

SUSE-SU-2023:0871-1 Security update for container-suseconnect

This update of container-suseconnect fixes the following issue: - container-suseconnect was rebuilt against the current go1.19 release, fixing security issues and other bugs fixed in go1.19.7. - CVE-2022-41723: Fixed quadratic complexity in HPACK decoding bsc1208270. - CVE-2022-41724: Fixed panic...

7.5CVSS6.9AI score0.04561EPSS
Exploits0References12
nessus
nessus
added 2023/03/07 12:0 a.m.43 views

Oracle Linux 8 : ol8addon (ELSA-2023-18908)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-18908 advisory. - Addresses CVE-2021-34558 - Include patch to fix CVE-2019-9741 - Fixes CVE-2019-6486 - Fixes CVE-2018-16873, CVE-2018-16874, CVE-2018-16875 - Fix...

9.8CVSS6.7AI score0.66252EPSS
Exploits3References9
openvas
openvas
added 2022/12/12 12:0 a.m.15 views

SUSE: Security Advisory (SUSE-SU-2022:4397-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.1AI score0.05623EPSS
Exploits0References2
openvas
openvas
added 2022/12/12 12:0 a.m.20 views

SUSE: Security Advisory (SUSE-SU-2022:4398-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.1AI score0.05623EPSS
Exploits0References2
nessus
nessus
added 2022/12/10 12:0 a.m.27 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.19 (SUSE-SU-2022:4397-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4397-1 advisory. Update to version 1.19.4, includes the following security fixes: - CVE-2022-41717: net/http: lim...

7.5CVSS6.8AI score0.05623EPSS
Exploits0References8
nessus
nessus
added 2022/12/10 12:0 a.m.32 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.18 (SUSE-SU-2022:4398-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4398-1 advisory. Update to version 1.18.9, includes the following security fixes: - CVE-2022-41717: net/http: lim...

7.5CVSS6.8AI score0.05623EPSS
Exploits0References8
osv
osv
added 2022/12/09 2:59 p.m.7 views

SUSE-SU-2022:4398-1 Security update for go1.18

This update for go1.18 fixes the following issues: Update to version 1.18.9, includes the following security fixes: - CVE-2022-41717: net/http: limit canonical header cache by bytes, not entries bsc1206135 - CVE-2022-41720: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows bsc1206...

7.5CVSS6.6AI score0.05623EPSS
Exploits0References6
circl
circl
added 2022/12/07 8:11 p.m.6 views

CVE-2022-41720

creationtimestamp| type| source ---|---|--- 2022-12-07 20:11:44+00:00| seen| https://t.me/cibsecurity/54131...

7.5CVSS7.8AI score0.0119EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2022/12/07 4:11 p.m.5 views

CVE-2022-41720 Restricted file access on Windows in os and net/http

On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS"C:/tmp".Open"COM1" opens the...

6.6AI score0.0119EPSS
Exploits0References4
osv
osv
added 2022/12/07 4:11 p.m.31 views

CVE-2022-41720 Restricted file access on Windows in os and net/http

On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS"C:/tmp".Open"COM1" opens the...

7.5CVSS7.1AI score0.0119EPSS
Exploits0References7
debiancve
debiancve
added 2022/12/07 4:11 p.m.70 views

CVE-2022-41720

On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS"C:/tmp".Open"COM1" opens the...

7.5CVSS7AI score0.0119EPSS
Exploits0
cvelist
cvelist
added 2022/12/07 4:11 p.m.50 views

CVE-2022-41720 Restricted file access on Windows in os and net/http

On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS"C:/tmp".Open"COM1" opens the...

7.7AI score0.0119EPSS
Exploits0References4
cve
cve
added 2022/12/07 4:11 p.m.219 views

CVE-2022-41720

CVE-2022-41720 : On Windows, os.DirFS and http.Dir can access Windows device files (e.g., os.DirFS("C:/tmp").Open("COM1")); read-only, but a crafted path may escape a drive and reach arbitrary paths. The fix changes behavior of os.DirFS("") so that Open("tmp") no longer resolves to the root (prev...

7.5CVSS7.4AI score0.0119EPSS
Exploits0References4Affected Software1
altlinux
altlinux
added 2022/12/07 12:0 a.m.91 views

Security fix for the ALT Linux 10 package golang version 1.19.4-alt1

Dec. 7, 2022 Alexey Shabalin 1.19.4-alt1 - New version 1.19.4 Fixes: CVE-2022-41717, CVE-2022-41720...

7AI score0.05623EPSS
Exploits0
nessus
nessus
added 2022/12/06 12:0 a.m.41 views

FreeBSD : go -- multiple vulnerabilities (6f5192f5-75a7-11ed-83c0-411d43ce7fe4)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 6f5192f5-75a7-11ed-83c0-411d43ce7fe4 advisory. - The Go project reports: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows Th...

7.5CVSS7.1AI score0.05623EPSS
Exploits0References4
Rows per page
Query Builder