Backports Sle Security Vulnerabilities and Issues — Backports Sle CVE List

Lucene search

OpensuseBackports Sle

3 matches found

CVE•added 2018/11/07 5:29 a.m.•2267 views

CVE-2018-19052

An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing '/' character, but the alias target fil...

7.5CVSS7.3AI score0.42596EPSS

CVE•added 2018/12/14 2:29 p.m.•198 views

CVE-2018-16873

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in...

8.1CVSS8.5AI score0.81278EPSS

CVE•added 2018/12/14 2:29 p.m.•182 views

CVE-2018-16874

In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}' characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode ...

8.1CVSS8.2AI score0.03463EPSS