CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

463 matches found

Tenable Nessus•added 2023/11/17 12:0 a.m.•28 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.20 (SUSE-SU-2023:4470-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4470-1 advisory. - The filepath package does not recognize paths with a ??\ prefix as special. On Windows, a path...

7.5CVSS7.5AI score0.00318EPSS

Exploits0References8

OSV•added 2023/11/16 6:0 p.m.•9 views

SUSE-SU-2023:4470-1 Security update for go1.20

This update for go1.20 fixes the following issues: go1.20.11 released 2023-11-07 includes security fixes to the path/filepath package, as well as bug fixes to the linker and the net/http package. security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths...

7.5CVSS6.8AI score0.00318EPSS

Exploits0References6

NVD•added 2023/11/09 5:15 p.m.•18 views

CVE-2023-45283

The filepath package does not recognize paths with a ??\ prefix as special. On Windows, a path beginning with ??\ is a Root Local Device path equivalent to a path beginning with \?. Paths with a ??\ prefix may be used to access arbitrary locations on the system. For example, the path ??\c:\x...

7.5CVSS0.00318EPSS

Exploits0References9

OSV•added 2023/11/09 5:15 p.m.•1 views

AZL-37397 CVE-2023-45283 affecting package golang for versions less than 1.21.6-1

7.5CVSS6.8AI score0.00318EPSS

Exploits0References1

OSV•added 2023/11/09 5:15 p.m.•2 views

AZL-37444 CVE-2023-45283 affecting package golang for versions less than 1.21.6-1

7.5CVSS6.8AI score0.00318EPSS

Exploits0References1

OSV•added 2023/11/09 5:15 p.m.•24 views

CVE-2023-45283

7.5CVSS7.4AI score

Exploits0References9

OSV•added 2023/11/09 5:15 p.m.•0 views

UBUNTU-CVE-2023-45283

7.5CVSS6.9AI score0.00318EPSS

Exploits0References6

Prion•added 2023/11/09 5:15 p.m.•46 views

Path traversal

5CVSS6.1AI score0.00318EPSS

Exploits0References9Affected Software1

UbuntuCve•added 2023/11/09 5:15 p.m.•79 views

CVE-2023-45283

7.5CVSS6.8AI score0.00318EPSS

Exploits0References5

Cvelist•added 2023/11/09 4:30 p.m.•22 views

CVE-2023-45284 Incorrect detection of reserved device names on Windows in path/filepath

On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports the...

6.5AI score0.00035EPSS

Exploits0References4

Debian CVE•added 2023/11/09 4:30 p.m.•89 views

CVE-2023-45283

7.5CVSS7.2AI score0.00318EPSS

Exploits0

Cvelist•added 2023/11/09 4:30 p.m.•31 views

CVE-2023-45283 Insecure parsing of Windows paths with a \??\ prefix in path/filepath

7.7AI score0.00318EPSS

Exploits0References9

CVE•added 2023/11/09 4:30 p.m.•444 views

CVE-2023-45283

CVE-2023-45283 relates to the Go filepath/safefilepath handling on Windows. The issue arises from not recognizing paths starting with the ??\ prefix as special, which maps to a Root Local Device path, enabling potential traversal to arbitrary locations. Before the fix, Clean/Join could convert se...

7.5CVSS7.9AI score0.00318EPSS

Exploits0References9Affected Software1

CNNVD•added 2023/11/09 12:0 a.m.•2 views

Google Go Path Traversal Vulnerability

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. Google Go suffers from a path traversal vulnerability that stems from the filepath package's inability to recognize paths with special prefixes...

7.5CVSS6.8AI score0.00318EPSS

Exploits0References10

OSV•added 2023/11/08 10:42 p.m.•28 views

GO-2023-2186 Incorrect detection of reserved device names on Windows in path/filepath

5.3CVSS6.1AI score0.00035EPSS

Exploits0References3

OSV•added 2023/11/08 10:42 p.m.•24 views

GO-2023-2185 Insecure parsing of Windows paths with a \??\ prefix in path/filepath

7.5CVSS7.8AI score0.00318EPSS

Exploits0References6

SUSE CVE•added 2023/11/08 1:52 a.m.•2 views

SUSE CVE-2023-45283

6.8CVSS7.4AI score0.00318EPSS

Exploits0References12

Positive Technologies•added 2023/11/08 12:0 a.m.•5 views

PT-2023-7933 · Go +4 · Go +4

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.20.11 and 1.21.4 Go versions 1.20.11 and 1.21.4 Description: The filepath package does not recognize paths with a ?? prefix as special. On Windows, a path beginning with ?? is a Root Local Device path equivalent to a pa...

9.8CVSS6.6AI score0.944EPSS

Exploits24References230

Snyk•added 2023/11/07 7:37 p.m.•1 views

Relative Path Traversal

Overview std/path/filepath is a Go standard library package std/path/filepath Affected versions of this package are vulnerable to Relative Path Traversal. Go Vulnerability Report:The filepath package does not recognize paths with a ??\ prefix as special.On Windows, a path beginning with ??\ is a...

8.7CVSS7.3AI score0.00318EPSS

Exploits0References2

Tenable Nessus•added 2023/11/07 12:0 a.m.•19 views

Rocky Linux 8 : container-tools:3.0 (RLSA-2022:7529)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7529 advisory. - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if...

7.8CVSS7.2AI score0.00464EPSS

Exploits4References21

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by