rpm package
suse/go1.24-openssl&distro=SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
pkg:rpm/suse/go1.24-openssl&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-47907 | — | < 1.24.6-150000.1.12.1 | 1.24.6-150000.1.12.1 | Aug 7, 2025 | Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the ex | ||
| CVE-2025-4674 | — | < 1.24.6-150000.1.12.1 | 1.24.6-150000.1.12.1 | Jul 29, 2025 | The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS (e.g. Git), but contains metadata for another V | ||
| CVE-2025-0913 | — | < 1.24.4-150000.1.9.1 | 1.24.4-150000.1.9.1 | Jun 11, 2025 | os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent loca | ||
| CVE-2025-4673 | Med | 6.8 | < 1.24.4-150000.1.9.1 | 1.24.4-150000.1.9.1 | Jun 11, 2025 | Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. | |
| CVE-2025-22874 | Hig | 7.5 | < 1.24.4-150000.1.9.1 | 1.24.4-150000.1.9.1 | Jun 11, 2025 | Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. |
- CVE-2025-47907Aug 7, 2025affected < 1.24.6-150000.1.12.1fixed 1.24.6-150000.1.12.1
Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the ex
- CVE-2025-4674Jul 29, 2025affected < 1.24.6-150000.1.12.1fixed 1.24.6-150000.1.12.1
The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS (e.g. Git), but contains metadata for another V
- CVE-2025-0913Jun 11, 2025affected < 1.24.4-150000.1.9.1fixed 1.24.4-150000.1.9.1
os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent loca
- affected < 1.24.4-150000.1.9.1fixed 1.24.4-150000.1.9.1
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.
- affected < 1.24.4-150000.1.9.1fixed 1.24.4-150000.1.9.1
Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
Page 2 of 2