|
931
|
3.3 |
LOW
Local
|
-
|
-
|
The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok() on truncation attempts. While intended to mimic GNU behavior for special…
New
|
CWE-252
Unchecked Return Value
|
CVE-2026-35344
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
932
|
5.3 |
MEDIUM
Local
|
-
|
-
|
A vulnerability in the tail utility of uutils coreutils allows for the exfiltration of sensitive file contents when using the --follow=name option. Unlike GNU tail, the uutils implementation continue…
New
|
CWE-59
CWE-367
Link Following
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-35345
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
933
|
3.3 |
LOW
Local
|
-
|
-
|
The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::from_utf8_lossy(), which replaces invalid UTF-8 b…
New
|
CWE-176
Improper Handling of Unicode Encoding
|
CVE-2026-35346
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
934
|
4.4 |
MEDIUM
Local
|
-
|
-
|
The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The are_files_identical function opens and reads from both input p…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-35347
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
935
|
6.7 |
MEDIUM
Local
|
-
|
-
|
A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather than comparing device and inode numbers to …
New
|
CWE-59
Link Following
|
CVE-2026-35349
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
936
|
6.6 |
MEDIUM
Local
|
-
|
-
|
The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p (preserve) flag, the utility applies the source mode bit…
New
|
CWE-281
Improper Preservation of Permissions
|
CVE-2026-35350
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
937
|
4.2 |
MEDIUM
Local
|
-
|
-
|
The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destinati…
New
|
CWE-281
Improper Preservation of Permissions
|
CVE-2026-35351
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
938
|
7.0 |
HIGH
Local
|
-
|
-
|
A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mkfifo utility of uutils coreutils. The utility creates a FIFO and then performs a path-based chmod to set permissions. A local at…
New
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-35352
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
939
|
3.3 |
LOW
Local
|
-
|
-
|
The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions (typically 0755) before subsequently changing them …
New
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-35353
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
940
|
4.7 |
MEDIUM
Local
|
-
|
-
|
A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the mv utility of uutils coreutils during cross-device moves. The extended attribute (xattr) preservation logic uses multiple path-base…
New
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-35354
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
