19 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-45284
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as COM1 , and reserved...
Security Bulletin: Vulnerabilities in Golang Go affect IBM Cloud Pak System
Summary Vulnerabilities in Golang Go affect IBM Cloud Pak System. CVE-2023-45284, CVE-2023-45283 Vulnerability Details CVEID:CVE-2023-45284 DESCRIPTION: Golang Go could provide weaker than expected security, caused by the failure to correctly detect reserved device names in some cases by the...
Photon OS 4.0: Go PHSA-2023-4.0-0531
An update of the go package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-4.0-0531. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid204491...
Security Bulletin: IBM Cloud Pak for Data Scheduling is vulnerable to directory traversal due to golang compiler ( CVE-2023-45283,CVE-2023-45284, CVE-2023-45285 )
Summary Golang compiler is used by IBM Cloud Pak for Data Scheduling to create the scheduler binaries. Vulnerability Details CVEID:CVE-2023-45283 DESCRIPTION: Golang Go could allow a remote attacker to traverse directories on the system, caused by the failure to recognize paths with a ??\ prefix...
openSUSE: Security Advisory for go1.21 (SUSE-SU-2023:4709-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for go1.20 (SUSE-SU-2023:4470-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for go1.20 (SUSE-SU-2023:4708-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for go1.20 (SUSE-SU-2023:4930-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for go1.20 (SUSE-SU-2023:4472-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for go1.21 (SUSE-SU-2023:4469-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-45284 affecting package golang for versions less than 1.21.6-1
CVE-2023-45284 affecting package golang for versions less than 1.21.6-1. A patched version of the package is available...
Medium: golang
Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...
SUSE-SU-2023:4930-1 Security update for go1.20-openssl
This update for go1.20-openssl fixes the following issues: Update to version 1.20.12.1: - CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// scheme bsc1217834. - CVE-2023-45284: path/filepath: Clean removes ending slash for volume on Windows in Go 1.21.4 bsc1216943. -...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.20 (SUSE-SU-2023:4708-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4708-1 advisory. Update to go1.20.12: - CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// sche...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.20 (SUSE-SU-2023:4470-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4470-1 advisory. go1.20.11 released 2023-11-07 includes security fixes to the path/filepath package, as well as b...
SUSE-SU-2023:4472-1 Security update for go1.20-openssl
This update for go1.20-openssl fixes the following issues: Update to version 1.20.11.1 cut from the go1.20-openssl-fips branch at the revision tagged go1.20.11-1-openssl-fips. Update to go1.20.11 go1.20.11 released 2023-11-07 includes security fixes to the path/filepath package, as well as bug...
SUSE-SU-2023:4469-1 Security update for go1.21-openssl
This update for go1.21-openssl fixes the following issues: Update to version 1.21.4.1 cut from the go1.21-openssl-fips branch at the revision tagged go1.21.4-1-openssl-fips. Update to go1.21.4 go1.21.4 released 2023-11-07 includes security fixes to the path/filepath package, as well as bug fixes ...
CVE-2023-45284
CVE-2023-45284 concerns Windows path/filepath IsLocal misclassification of reserved device names. In affected builds, names like COM1 (with trailing space) or COM/LPT followed by superscript digits could be incorrectly treated as local, enabling local checks to pass when they should not. The fix ...
CVE-2023-45284 Incorrect detection of reserved device names on Windows in path/filepath
On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports the...