Moderate: Red Hat Security Advisory: go-rpm-macros security update

An update for go-rpm-macros is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

os/exec: Unexpected paths returned from LookPath in os/exec

A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath "", ".", and "..", can result in the binaries listed in the PATH being unexpectedly returned...

Moderate: Red Hat Security Advisory: go-rpm-macros security update

An update for go-rpm-macros is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...

os/exec: Unexpected paths returned from LookPath in os/exec

A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath "", ".", and "..", can result in the binaries listed in the PATH being unexpectedly returned...

Moderate: Red Hat Security Advisory: go-rpm-macros security update

An update for go-rpm-macros is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, i...

os/exec: Unexpected paths returned from LookPath in os/exec

A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath "", ".", and "..", can result in the binaries listed in the PATH being unexpectedly returned...

Moderate: Red Hat Security Advisory: go-toolset:rhel8 security update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common...

os/exec: Unexpected paths returned from LookPath in os/exec

A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath "", ".", and "..", can result in the binaries listed in the PATH being unexpectedly returned...

os/exec: Unexpected paths returned from LookPath in os/exec

A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath "", ".", and "..", can result in the binaries listed in the PATH being unexpectedly returned...

os/exec: Unexpected paths returned from LookPath in os/exec

A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath "", ".", and "..", can result in the binaries listed in the PATH being unexpectedly returned...

RHEL 9 : go-rpm-macros (RHSA-2025:23851)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:23851 advisory. This package provides build-stage rpm automation to simplify the creation of Go language golang packages. It does not need to be included in the...

RHEL 9 : go-rpm-macros (RHSA-2025:23834)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:23834 advisory. This package provides build-stage rpm automation to simplify the creation of Go language golang packages. It does not need to be included in the...

RHEL 8 : go-toolset:rhel8 (RHSA-2025:23740)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23740 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: os/exec: Unexpect...

VulnCheck KEV: CVE-2025-32778

Web-Check is an all-in-one OSINT tool for analyzing any website. A command injection vulnerability exists in the screenshot API of the Web Check project Lissy93/web-check. The issue stems from user-controlled input url being passed unsanitized into a shell command using exec, allowing attackers t...

EulerOS Virtualization 2.13.1 : kernel (EulerOS-SA-2025-2546)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : KVM: VMX: Do all initialization before exposing /dev/kvm to userspaceCVE-2022-49932 drivers:md:fix a potential use-after-free...

CVE-2025-68239 binfmt_misc: restore write access before closing files opened by open_exec()

In the Linux kernel, the following vulnerability has been resolved: binfmtmisc: restore write access before closing files opened by openexec bmregisterwrite opens an executable file using openexec, which internally calls doopenexecat and denies write access on the file to avoid modification while...

futex: Don't leak robust_list pointer on exec race

...

SUSE CVE-2025-40341

In the Linux kernel, the following vulnerability has been resolved: futex: Don't leak robustlist pointer on exec race sysgetrobustlist and compatgetrobustlist use ptracemayaccess to check if the calling task is allowed to access another task's robustlist pointer. This check is racy against a...

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal in the untar process. An attacker can execute arbitrary code with elevated privileges by crafting a malicious archive containing symbolic links that overwrite critical files such as /var/run/argo/argoexec, which...

CVE-2025-40341

In the Linux kernel, the following vulnerability has been resolved: futex: Don't leak robustlist pointer on exec race sysgetrobustlist and compatgetrobustlist use ptracemayaccess to check if the calling task is allowed to access another task's robustlist pointer. This check is racy against a...