|
1321
|
4.4 |
MEDIUM
Local
|
uutils
|
coreutils
|
The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The are_files_identical function opens and reads from both input p…
|
CWE-20
Improper Input Validation
|
CVE-2026-35347
|
2026-04-27 21:28 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1322
|
7.7 |
HIGH
Local
|
uutils
|
coreutils
|
A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather than comparing device and inode numbers to …
|
CWE-59
Link Following
|
CVE-2026-35349
|
2026-04-27 21:28 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1323
|
4.2 |
MEDIUM
Local
|
uutils
|
coreutils
|
The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destinati…
|
CWE-281
Improper Preservation of Permissions
|
CVE-2026-35351
|
2026-04-27 21:28 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1324
|
3.3 |
LOW
Local
|
uutils
|
coreutils
|
The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions (typically 0755) before subsequently changing them …
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-35353
|
2026-04-27 21:27 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1325
|
6.3 |
MEDIUM
Local
|
uutils
|
coreutils
|
The install utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition during file installation. The implementation unlinks an existing destination file and t…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-35355
|
2026-04-27 21:27 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1326
|
6.3 |
MEDIUM
Local
|
uutils
|
coreutils
|
A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the install utility of uutils coreutils when using the -D flag. The command creates parent directories and subsequently performs a seco…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-35356
|
2026-04-27 21:27 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1327
|
4.4 |
MEDIUM
Local
|
uutils
|
coreutils
|
The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std…
|
CWE-281
CWE-459
Improper Preservation of Permissions
Incomplete Cleanup
|
CVE-2026-35361
|
2026-04-27 21:27 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1328
|
3.6 |
LOW
Local
|
uutils
|
coreutils
|
The safe_traversal module in uutils coreutils, which provides protection against Time-of-Check to Time-of-Use (TOCTOU) symlink races using file-descriptor-relative syscalls, is incorrectly limited to…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-35362
|
2026-04-27 21:26 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1329
|
4.3 |
MEDIUM
Network
|
apache
|
airflow
|
The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deployment …
|
CWE-1220
Insufficient Granularity of Access Control
|
CVE-2026-40690
|
2026-04-27 21:24 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1330
|
4.3 |
MEDIUM
Network
|
apache
|
airflow
|
The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance records: a logged-in Airflow user with read access to at least one DAG…
|
CWE-1220
Insufficient Granularity of Access Control
|
CVE-2026-38743
|
2026-04-27 21:24 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
