CVE-2026-31997 OpenClaw < 2026.3.1 - Executable Rebind via Unbound PATH-token in system.run Approvals

OpenClaw versions prior to 2026.3.1 fail to pin executable identity for non-path-like argv0 tokens in system.run approvals, allowing post-approval executable rebind attacks. Attackers can modify PATH resolution after approval to execute a different binary than the operator approved, enabling...

ROS-20251106-09

A vulnerability in the QEMU hardware emulator is related to the incorrect release and use of the irqfd for vector 0 during boot time in QEMU Virtio PCI Bindings hw/virtio/virtio/pci.c. Exploitation of the of the vulnerability could allow an attacker to cause a denial of service...

UBUNTU-CVE-2024-4693

A flaw was found in the QEMU Virtio PCI Bindings hw/virtio/virtio-pci.c. An improper release and use of the irqfd for vector 0 during the boot process leads to a guest triggerable crash via vhostnetstop. This flaw allows a malicious guest to crash the QEMU process on the host...

SUSE CVE-2024-4693

A flaw was found in the QEMU Virtio PCI Bindings hw/virtio/virtio-pci.c. An improper release and use of the irqfd for vector 0 during the boot process leads to a guest triggerable crash via vhostnetstop. This flaw allows a malicious guest to crash the QEMU process on the host...

PT-2024-32284 · Qemu +3 · Qemu +3

Name of the Vulnerable Software and Affected Versions: QEMU affected versions not specified Description: A flaw was found in the QEMU Virtio PCI Bindings, specifically in the hw/virtio/virtio-pci.c file. This issue is related to an improper release and use of the irqfd for vector 0 during the boo...

python: untrusted python modules search path

Untrusted search path vulnerability in the PySysSetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv0 argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse...