Lucene search
K

34 matches found

OSV
OSV
added 2026/01/26 4:10 p.m.6 views

SUSE-SU-2026:0297-1 Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues: Update to version 1.25.6 released 2026-01-15 jscSLE-18320, bsc1244485: Security fixes: - CVE-2025-4674 cmd/go: disable support for multiple vcs in one module bsc1246118. - CVE-2025-47906 os/exec: LookPath bug: incorrect expansion of '', '...

10CVSS6.2AI score0.01945EPSS
Exploits5References51
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.6 views

MiracleLinux 9 : golang-1.24.6-1.el9_6 (AXSA:2025-10754:04)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10754:04 advisory. cmd/go: Go VCS Command Execution Vulnerability CVE-2025-4674 Tenable has extracted the preceding description block directly from the MiracleLinux security...

8.6CVSS7.3AI score0.00273EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.3 views

MiracleLinux 8 : go-toolset:rhel8 (AXSA:2025-10761:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10761:01 advisory. cmd/go: Go VCS Command Execution Vulnerability CVE-2025-4674 Tenable has extracted the preceding description block directly from the MiracleLinux security...

8.6CVSS7.3AI score0.00273EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/10/22 12:0 a.m.4 views

TencentOS Server 3: go-toolset:rhel8 (TSSA-2025:0791)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0791 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

8.6CVSS7.5AI score0.00273EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2025/10/04 12:11 a.m.7 views

golang security update

An update is available for golang. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The golang packages provide the Go programming language compiler. Security...

8.6CVSS7.1AI score0.00273EPSS
Exploits0
OpenVAS
OpenVAS
added 2025/09/15 12:0 a.m.3 views

openSUSE Security Advisory (SUSE-SU-2025:03161-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.6CVSS6.8AI score0.00489EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2025/09/08 12:0 a.m.3 views

RockyLinux 8 : go-toolset:rhel8 (RLSA-2025:13940)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:13940 advisory. cmd/go: Go VCS Command Execution Vulnerability CVE-2025-4674 Tenable has extracted the preceding description block directly from the RockyLinux security advisory...

8.6CVSS7.3AI score0.00273EPSS
Exploits0References3
OSV
OSV
added 2025/09/03 8:35 p.m.7 views

CLSA-2025-1756931716 golang: Fix of CVE-2025-4674

CVE-2025-4674: disallow multiple VCS metadata dirs in one module to prevent VCS injection attacks...

8.6CVSS6.8AI score0.00273EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/17 12:0 a.m.3 views

RHEL 8 : go-toolset:rhel8 (RHSA-2025:13940)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:13940 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: cmd/go: Go VCS Command...

8.6CVSS7.4AI score0.00273EPSS
Exploits0References4
Amazon
Amazon
added 2025/08/08 12:0 a.m.2 views

Important: golang

Issue Overview: cmd/go: unexpected command execution in untrusted VCS repositories CVE-2025-4674 Affected Packages: golang Issue Correction: Run dnf update golang --releasever 2023.8.20250808 or dnf update --advisory ALAS2023-2025-1104 --releasever 2023.8.20250808 to update your system. More...

8.6CVSS7.2AI score0.00273EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/04 12:0 a.m.6 views

Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2025-1104)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1104 advisory. cmd/go: unexpected command execution in untrusted VCS repositories CVE-2025-4674 Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Ness...

8.6CVSS7.4AI score0.00273EPSS
Exploits0References4
Chainguard
Chainguard
added 2025/08/01 1:17 p.m.6 views

CVE-2025-4674 vulnerabilities

Vulnerabilities for packages: nvidia-nsight-compute-12.8, nvidia-nsight-compute-13.2, newrelic-fluent-bit-output, agentbeat, nemo, nvidia-nsight-compute-12.9, falco, nvidia-nsight-compute-13.1, nvidia-nsight-compute-13.0...

8.6CVSS6.7AI score0.00273EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/07/31 12:0 a.m.8 views

Amazon Linux 2 : golang (ALAS-2025-2939)

The version of golang installed on the remote host is prior to 1.23.11-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2939 advisory. cmd/go: unexpected command execution in untrusted VCS repositories CVE-2025-4674 Tenable has extracted the preceding description...

8.6CVSS7.5AI score0.00273EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/07/30 5:46 a.m.4 views

CVE-2025-4674

A flaw was found in cmd/go. The go command can execute arbitrary commands when processing untrusted version control system VCS repositories containing malicious configuration. This issue occurs because the command interprets VCS metadata, potentially leading to unintended command execution. This...

8.6CVSS7.3AI score0.00273EPSS
Exploits0References7
Amazon
Amazon
added 2025/07/30 12:0 a.m.3 views

Important: golang

Issue Overview: cmd/go: unexpected command execution in untrusted VCS repositories CVE-2025-4674 Affected Packages: golang Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correctio...

8.6CVSS7.3AI score0.00273EPSS
Exploits0
NVD
NVD
added 2025/07/29 10:15 p.m.6 views

CVE-2025-4674

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...

8.6CVSS0.00273EPSS
Exploits0References5
OSV
OSV
added 2025/07/29 10:15 p.m.5 views

AZL-66098 CVE-2025-4674 affecting package golang for versions less than 1.18.8-10

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...

8.6CVSS7.3AI score0.00273EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2025/07/29 10:15 p.m.4 views

CVE-2025-4674

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...

8.6CVSS6.8AI score0.00273EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/07/29 9:19 p.m.2 views

CVE-2025-4674 Unexpected command execution in untrusted VCS repositories in cmd/go

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...

6.8AI score0.00273EPSS
Exploits0References4
OSV
OSV
added 2025/07/29 9:19 p.m.4 views

CVE-2025-4674 Unexpected command execution in untrusted VCS repositories in cmd/go

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VCS e.g. Mercurial...

8.6CVSS6.8AI score0.00273EPSS
Exploits0References8
Rows per page
Query Builder