18 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-41720
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a...
SUSE: Security Advisory (SUSE-SU-2023:2312-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2023:0871-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2023:0871-1 Security update for container-suseconnect
This update of container-suseconnect fixes the following issue: - container-suseconnect was rebuilt against the current go1.19 release, fixing security issues and other bugs fixed in go1.19.7. - CVE-2022-41723: Fixed quadratic complexity in HPACK decoding bsc1208270. - CVE-2022-41724: Fixed panic...
Oracle Linux 8 : ol8addon (ELSA-2023-18908)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-18908 advisory. - Addresses CVE-2021-34558 - Include patch to fix CVE-2019-9741 - Fixes CVE-2019-6486 - Fixes CVE-2018-16873, CVE-2018-16874, CVE-2018-16875 - Fix...
SUSE: Security Advisory (SUSE-SU-2022:4398-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2022:4397-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.18 (SUSE-SU-2022:4398-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4398-1 advisory. Update to version 1.18.9, includes the following security fixes: - CVE-2022-41717: net/http: lim...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.19 (SUSE-SU-2022:4397-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4397-1 advisory. Update to version 1.19.4, includes the following security fixes: - CVE-2022-41717: net/http: lim...
SUSE-SU-2022:4398-1 Security update for go1.18
This update for go1.18 fixes the following issues: Update to version 1.18.9, includes the following security fixes: - CVE-2022-41717: net/http: limit canonical header cache by bytes, not entries bsc1206135 - CVE-2022-41720: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows bsc1206...
CVE-2022-41720
creationtimestamp| type| source ---|---|--- 2022-12-07 20:11:44+00:00| seen| https://t.me/cibsecurity/54131...
CVE-2022-41720 Restricted file access on Windows in os and net/http
On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS"C:/tmp".Open"COM1" opens the...
CVE-2022-41720
CVE-2022-41720 : On Windows, os.DirFS and http.Dir can access Windows device files (e.g., os.DirFS("C:/tmp").Open("COM1")); read-only, but a crafted path may escape a drive and reach arbitrary paths. The fix changes behavior of os.DirFS("") so that Open("tmp") no longer resolves to the root (prev...
CVE-2022-41720
On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS"C:/tmp".Open"COM1" opens the...
CVE-2022-41720 Restricted file access on Windows in os and net/http
On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS"C:/tmp".Open"COM1" opens the...
CVE-2022-41720 Restricted file access on Windows in os and net/http
On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS"C:/tmp".Open"COM1" opens the...
Security fix for the ALT Linux 10 package golang version 1.19.4-alt1
Dec. 7, 2022 Alexey Shabalin 1.19.4-alt1 - New version 1.19.4 Fixes: CVE-2022-41717, CVE-2022-41720...
FreeBSD : go -- multiple vulnerabilities (6f5192f5-75a7-11ed-83c0-411d43ce7fe4)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 6f5192f5-75a7-11ed-83c0-411d43ce7fe4 advisory. - The Go project reports: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows Th...