openSUSE 16 Security Update : go1.26 (openSUSE-SU-2026:20342-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20342-1 advisory. Changes in go1.26: go1.26.1 released 2026-03-05 includes security fixes to the crypto/x509, html/template, net/url, and os packages, as well as...

EUVD-2020-0045

Malware in sbrugna...

Malicious code in aofl-os (npm)

The package aofl-os was found to contain malicious code...

MAL-2025-14619 Malicious code in aofl-os (npm)

The package aofl-os was found to contain malicious code...

Security update for go1.23

This update for go1.23 fixes the following issues: go1.23.10 released 2025-06-05 includes security fixes to the /http and os packages, as well as bug fixes to the linker. bsc1229122 go1.23 release tracking CVE-2025-0913 CVE-2025-4673 CVE-2025-0913: os: inconsistent handling of OCREATE|OEXCL on Un...

Medium: golang

Issue Overview: A directory traversal vulnerability was discovered in the Go programming language's os package in versions prior to 1.24.3. The vulnerability allows improper access to the parent directory of an os.Root by opening a filename ending in "../". When exploited, this vulnerability...

Medium: golang

Issue Overview: A directory traversal vulnerability was discovered in the Go programming language's os package in versions prior to 1.24.3. The vulnerability allows improper access to the parent directory of an os.Root by opening a filename ending in "../". When exploited, this vulnerability...

PT-2025-19993

Name of the Vulnerable Software and Affected Versions Go versions prior to 1.24.3 Go versions prior to 1.23.9 Description The issue concerns a security fix in the os package. Recommendations For versions prior to 1.24.3, update to version 1.24.3 to resolve the issue. For versions prior to 1.23.9,...

BIT-SUPERSET-2020-13948

While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python’s os package in the web application process in versions 0.37.1. It was thus...

Qualys released QScanner – a console vulnerability scanner for container images

QualysreleasedQScanner - a console vulnerability scanner for container images. Feed it an image and get a list of vulnerabilities a la Trivy. It supports: " Local Runtimes: Scan images from Docker, Containerd, or Podman. Local Archives: Analyze Docker images or OCI layouts from local files. Remot...

[SECURITY] Fedora 36 Update: golang-github-colinmarc-hdfs-2-2.2.0-5.fc36

This is a native golang client for hdfs. It connects directly to the namenode using the protocol buffers API. It tries to be idiomatic by aping the stdlib os package, where possible, and implements the interfaces from it, including os.FileInfo and os.PathError...

[SECURITY] Fedora 35 Update: golang-github-colinmarc-hdfs-2-2.2.0-4.fc35

This is a native golang client for hdfs. It connects directly to the namenode using the protocol buffers API. It tries to be idiomatic by aping the stdlib os package, where possible, and implements the interfaces from it, including os.FileInfo and os.PathError...

[SECURITY] Fedora 36 Update: golang-github-colinmarc-hdfs-2-2.2.0-4.fc36

This is a native golang client for hdfs. It connects directly to the namenode using the protocol buffers API. It tries to be idiomatic by aping the stdlib os package, where possible, and implements the interfaces from it, including os.FileInfo and os.PathError...

GHSA-CJ7G-H7RF-H8J9 Apache Superset OS Command Injection

While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python’s os package in the web application process in versions 0.37.1. It was thus...

Remote Code Execution (RCE)

apachesuperset is vulnerable to remote code execution RCE. Failure to validate a number of templated text fields allows an authenticated user to send malicious requests and gain access to Pythons os package in the web application process and access files, environment variables and process...

CVE-2020-13948

While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python’s os package in the web application process in versions 0.37.1. It was thus...

Code injection

While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python’s os package in the web application process in versions 0.37.1. It was thus...

PYSEC-2020-222

While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python’s os package in the web application process in versions 0.37.1. It was thus...

PYSEC-2020-222

While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python’s os package in the web application process in versions 0.37.1. It was thus...

CVE-2020-13948

CVE-2020-13948 is tied to Apache Superset versions earlier than 0.37.1. An authenticated user could craft requests via templated text fields to gain arbitrary access to Python’s os package within the web application process. Impact details in the connected records show the user could enumerate an...