18 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-41720
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a...
SUSE: Security Advisory (SUSE-SU-2023:2312-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2023:0871-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2023:0871-1 Security update for container-suseconnect
This update of container-suseconnect fixes the following issue: - container-suseconnect was rebuilt against the current go1.19 release, fixing security issues and other bugs fixed in go1.19.7. - CVE-2022-41723: Fixed quadratic complexity in HPACK decoding bsc1208270. - CVE-2022-41724: Fixed panic...
Oracle Linux 8 : ol8addon (ELSA-2023-18908)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-18908 advisory. - Addresses CVE-2021-34558 - Include patch to fix CVE-2019-9741 - Fixes CVE-2019-6486 - Fixes CVE-2018-16873, CVE-2018-16874, CVE-2018-16875 - Fix...
SUSE: Security Advisory (SUSE-SU-2022:4397-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2022:4398-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.19 (SUSE-SU-2022:4397-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4397-1 advisory. Update to version 1.19.4, includes the following security fixes: - CVE-2022-41717: net/http: lim...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.18 (SUSE-SU-2022:4398-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4398-1 advisory. Update to version 1.18.9, includes the following security fixes: - CVE-2022-41717: net/http: lim...
SUSE-SU-2022:4398-1 Security update for go1.18
This update for go1.18 fixes the following issues: Update to version 1.18.9, includes the following security fixes: - CVE-2022-41717: net/http: limit canonical header cache by bytes, not entries bsc1206135 - CVE-2022-41720: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows bsc1206...
CVE-2022-41720
creationtimestamp| type| source ---|---|--- 2022-12-07 20:11:44+00:00| seen| https://t.me/cibsecurity/54131...
CVE-2022-41720 Restricted file access on Windows in os and net/http
On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS"C:/tmp".Open"COM1" opens the...
CVE-2022-41720 Restricted file access on Windows in os and net/http
On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS"C:/tmp".Open"COM1" opens the...
CVE-2022-41720
On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS"C:/tmp".Open"COM1" opens the...
CVE-2022-41720 Restricted file access on Windows in os and net/http
On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS"C:/tmp".Open"COM1" opens the...
CVE-2022-41720
CVE-2022-41720 : On Windows, os.DirFS and http.Dir can access Windows device files (e.g., os.DirFS("C:/tmp").Open("COM1")); read-only, but a crafted path may escape a drive and reach arbitrary paths. The fix changes behavior of os.DirFS("") so that Open("tmp") no longer resolves to the root (prev...
Security fix for the ALT Linux 10 package golang version 1.19.4-alt1
Dec. 7, 2022 Alexey Shabalin 1.19.4-alt1 - New version 1.19.4 Fixes: CVE-2022-41717, CVE-2022-41720...
FreeBSD : go -- multiple vulnerabilities (6f5192f5-75a7-11ed-83c0-411d43ce7fe4)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 6f5192f5-75a7-11ed-83c0-411d43ce7fe4 advisory. - The Go project reports: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows Th...