CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

465 matches found

Tenable Nessus•added 2023/11/25 12:0 a.m.•12 views

Fedora 37 : golang (2023-7e185b8c12)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-7e185b8c12 advisory. Includes security fixes to the path/filepath package, as well as bug fixes to the linker, the runtime, the compiler, and the go/types, net/http, and...

5.6AI score

Exploits0References1

Tenable Nessus•added 2023/11/17 12:0 a.m.•48 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.20-openssl (SUSE-SU-2023:4472-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4472-1 advisory. - Line directives //line can be used to bypass the restrictions on //go:cgo directives, allowing...

8.1CVSS7.7AI score0.99999EPSS

Exploits19References16

Tenable Nessus•added 2023/11/17 12:0 a.m.•28 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.20 (SUSE-SU-2023:4470-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4470-1 advisory. - The filepath package does not recognize paths with a ??\ prefix as special. On Windows, a path...

7.5CVSS7.5AI score0.02758EPSS

Exploits0References8

OSV•added 2023/11/16 6:0 p.m.•9 views

SUSE-SU-2023:4470-1 Security update for go1.20

This update for go1.20 fixes the following issues: go1.20.11 released 2023-11-07 includes security fixes to the path/filepath package, as well as bug fixes to the linker and the net/http package. security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths...

7.5CVSS6.8AI score0.02758EPSS

Exploits0References6

OSV•added 2023/11/09 5:15 p.m.•2 views

AZL-37444 CVE-2023-45283 affecting package golang for versions less than 1.21.6-1

The filepath package does not recognize paths with a ??\ prefix as special. On Windows, a path beginning with ??\ is a Root Local Device path equivalent to a path beginning with \?. Paths with a ??\ prefix may be used to access arbitrary locations on the system. For example, the path ??\c:\x...

7.5CVSS6.8AI score0.02758EPSS

Exploits0References1

OSV•added 2023/11/09 5:15 p.m.•2 views

AZL-37397 CVE-2023-45283 affecting package golang for versions less than 1.21.6-1

7.5CVSS6.8AI score0.02758EPSS

Exploits0References1

OSV•added 2023/11/09 5:15 p.m.•27 views

CVE-2023-45283

7.5CVSS7.4AI score

Exploits0References9

NVD•added 2023/11/09 5:15 p.m.•20 views

CVE-2023-45283

7.5CVSS0.02758EPSS

Exploits0References9

Prion•added 2023/11/09 5:15 p.m.•48 views

Path traversal

5CVSS6.1AI score0.02758EPSS

Exploits0References9Affected Software1

OSV•added 2023/11/09 5:15 p.m.•0 views

UBUNTU-CVE-2023-45283

7.5CVSS6.9AI score0.02758EPSS

Exploits0References6

UbuntuCve•added 2023/11/09 5:15 p.m.•81 views

CVE-2023-45283

7.5CVSS6.8AI score0.02758EPSS

Exploits0References5

Cvelist•added 2023/11/09 4:30 p.m.•23 views

CVE-2023-45284 Incorrect detection of reserved device names on Windows in path/filepath

On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports the...

6.5AI score0.00903EPSS

Exploits0References4

CVE•added 2023/11/09 4:30 p.m.•444 views

CVE-2023-45283

CVE-2023-45283 relates to the Go filepath/safefilepath handling on Windows. The issue arises from not recognizing paths starting with the ??\ prefix as special, which maps to a Root Local Device path, enabling potential traversal to arbitrary locations. Before the fix, Clean/Join could convert se...

7.5CVSS7.9AI score0.02758EPSS

Exploits0References9Affected Software1

Cvelist•added 2023/11/09 4:30 p.m.•36 views

CVE-2023-45283 Insecure parsing of Windows paths with a \??\ prefix in path/filepath

7.7AI score0.02758EPSS

Exploits0References9

Debian CVE•added 2023/11/09 4:30 p.m.•89 views

CVE-2023-45283

7.5CVSS7.2AI score0.02758EPSS

Exploits0

CNNVD•added 2023/11/09 12:0 a.m.•3 views

Google Go Path Traversal Vulnerability

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google. Google Go suffers from a path traversal vulnerability that stems from the filepath package's inability to recognize paths with special prefixes...

7.5CVSS6.8AI score0.02758EPSS

Exploits0References10

OSV•added 2023/11/08 10:42 p.m.•31 views

GO-2023-2186 Incorrect detection of reserved device names on Windows in path/filepath

5.3CVSS6.1AI score0.00903EPSS

Exploits0References3

OSV•added 2023/11/08 10:42 p.m.•30 views

GO-2023-2185 Insecure parsing of Windows paths with a \??\ prefix in path/filepath

7.5CVSS7.8AI score0.02758EPSS

Exploits0References6

SUSE CVE•added 2023/11/08 1:52 a.m.•2 views

SUSE CVE-2023-45283

6.8CVSS7.4AI score0.02758EPSS

Exploits0References12

Positive Technologies•added 2023/11/08 12:0 a.m.•8 views

PT-2023-7933 · Go +4 · Go +4

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.20.11 and 1.21.4 Go versions 1.20.11 and 1.21.4 Description: The filepath package does not recognize paths with a ?? prefix as special. On Windows, a path beginning with ?? is a Root Local Device path equivalent to a pa...

9.8CVSS6.6AI score0.99999EPSS

Exploits24References230

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by