|
951
|
6.6 |
MEDIUM
Local
|
-
|
-
|
The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands t…
New
|
CWE-59
Link Following
|
CVE-2026-35365
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
952
|
4.4 |
MEDIUM
Local
|
-
|
-
|
The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils impleme…
New
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-35366
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
953
|
3.3 |
LOW
Local
|
-
|
-
|
The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typicall…
New
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-35367
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
954
|
7.8 |
HIGH
Local
|
-
|
-
|
A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam() after entering the chroot but before drop…
New
|
CWE-426
Untrusted Search Path
|
CVE-2026-35368
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
955
|
5.5 |
MEDIUM
Local
|
-
|
-
|
An argument parsing error in the kill utility of uutils coreutils incorrectly interprets kill -1 as a request to send the default signal (SIGTERM) to PID -1. Sending a signal to PID -1 causes the ker…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-35369
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
956
|
4.4 |
MEDIUM
Local
|
-
|
-
|
The id utility in uutils coreutils miscalculates the groups= section of its output. The implementation uses a user's real GID instead of their effective GID to compute the group list, leading to pote…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-35370
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
957
|
3.3 |
LOW
Local
|
-
|
-
|
The id utility in uutils coreutils exhibits incorrect behavior in its "pretty print" output when the real UID and effective UID differ. The implementation incorrectly uses the effective GID instead o…
New
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-35371
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
958
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A logic error in the cut utility of uutils coreutils causes the program to incorrectly interpret the literal two-byte string '' (two single quotes) as an empty delimiter. The implementation mistakenl…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-35380
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
959
|
3.3 |
LOW
Local
|
-
|
-
|
A logic error in the cut utility of uutils coreutils causes the utility to ignore the -s (only-delimited) flag when using the -z (null-terminated) and -d '' (empty delimiter) options together. The im…
New
|
CWE-684
Incorrect Provision of Specified Functionality
|
CVE-2026-35381
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
960
|
5.0 |
MEDIUM
Local
|
-
|
-
|
A logic error in the ln utility of uutils coreutils allows the utility to dereference a symbolic link target even when the --no-dereference (or -n) flag is explicitly provided. The implementation pre…
New
|
CWE-61
UNIX Symbolic Link (Symlink) Following
|
CVE-2026-35372
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
