
7235 matches found

OSV
added 2026/04/22 6:31 p.m., 2 views

GHSA-2CXP-XQ3C-MJXX uutils coreutils' mktemp utility doesn't properly handle an empty TMPDIR environment variable

The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the...

CVSS 3.3, AI score 5.8, EPSS 0.00017
Exploits: 0, References: 5

EUVD
added 2026/04/22 6:31 p.m., 2 views

EUVD-2026-24971

The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the...

CVSS 3.3, AI score 5.7, EPSS 0.00017
Exploits: 0, References: 3

GitHub Security Blog
added 2026/04/22 6:31 p.m., 3 views

uutils coreutils' mktemp utility doesn't properly handle an empty TMPDIR environment variable

The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the...

CVSS 3.3, AI score 5.2, EPSS 0.00017
Exploits: 0, References: 5, Affected Software: 1

NVD
added 2026/04/22 5:16 p.m., 2 views

CVE-2026-35363

A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility correctly refuses to delete . or .., it fails to recognize equivalent paths with trailing slashes, such as ./ or .///. An accidental or...

CVSS 5.6, EPSS 0.00008
Exploits: 1, References: 1

NVD
added 2026/04/22 5:16 p.m., 2 views

CVE-2026-35342

The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the...

CVSS 3.3, EPSS 0.00017
Exploits: 0, References: 2

Vulnrichment
added 2026/04/22 4:8 p.m., 4 views

CVE-2026-35363 uutils coreutils rm Safeguard Bypass via Improper Path Normalization

A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility correctly refuses to delete . or .., it fails to recognize equivalent paths with trailing slashes, such as ./ or .///. An accidental or...

CVSS 5.6, AI score 6, EPSS 0.00008
Exploits: 1, References: 1

ATTACKERKB
added 2026/04/22 4:8 p.m., 1 view

CVE-2026-35363

A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility correctly refuses to delete . or .., it fails to recognize equivalent paths with trailing slashes, such as ./ or .///. An accidental or...

CVSS 5.6, AI score 6, EPSS 0.00008
Exploits: 1, References: 2

CVE
added 2026/04/22 4:8 p.m., 10 views

CVE-2026-35363

The CVE-2026-35363 entry concerns the rm utility in uutils coreutils. The issue: a path normalization bug allows bypass of the safeguards for the current directory. The utility correctly refuses . and .. but fails to recognize equivalent paths with trailing slashes (e.g., ./ or .///). An accidental/malicious ex...

CVSS 5.6, AI score 6, EPSS 0.00008
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2026/04/22 4:8 p.m., 22 views

CVE-2026-35363 uutils coreutils rm Safeguard Bypass via Improper Path Normalization

A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility correctly refuses to delete . or .., it fails to recognize equivalent paths with trailing slashes, such as ./ or .///. An accidental or...

CVSS 5.6, EPSS 0.00008
Exploits: 1, References: 1

CVE
added 2026/04/22 4:7 p.m., 7 views

CVE-2026-35342

CVE-2026-35342 affects the mktemp utility in the uutils coreutils project. The issue arises because the implementation does not treat an empty TMPDIR as a fallback to /tmp (unlike GNU mktemp); instead, it treats an empty string as a valid path, causing temporary files to be created in the current...

CVSS 3.3, AI score 5.7, EPSS 0.00017
Exploits: 0, References: 2, Affected Software: 1

ATTACKERKB
added 2026/04/22 4:7 p.m., 3 views

CVE-2026-35342

The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the...

CVSS 3.3, AI score 5.7, EPSS 0.00017
Exploits: 0, References: 3

Slackware Linux
added 2026/04/22 12:45 a.m., 4 views

[slackware-security] mozilla-thunderbird

New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-thunderbird-140.10.0esr-i686-1slack15.0.txz: Upgraded. This release contains security fixes and improvements. For...

AI score 5.8
Exploits: 0

Slackware Linux
added 2026/04/22 12:44 a.m., 6 views

[slackware-security] libXpm

New libXpm packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libXpm-3.5.19-i586-1slack15.0.txz: Upgraded. This update fixes a security issue: Out-of-bounds read in xpmNextWord. For more...

AI score 5.8
Exploits: 0

Positive Technologies
added 2026/04/22 12:0 a.m., 3 views

PT-2026-34478

The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the...

CVSS 3.3, AI score 5.7, EPSS 0.00017
Exploits: 0, References: 3

Positive Technologies
added 2026/04/22 12:0 a.m., 1 view

PT-2026-34499

A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility correctly refuses to delete . or .., it fails to recognize equivalent paths with trailing slashes, such as ./ or .///. An accidental or...

CVSS 5.6, AI score 6, EPSS 0.00008
Exploits: 1, References: 2

Positive Technologies
added 2026/04/22 12:0 a.m., 5 views

PT-2026-34368

In the Linux kernel, the following vulnerability has been resolved: iomap: fix invalid folio access when i_blkbits differs from I/O granularity. Commit aa35dd5cbc06 ("iomap: fix invalid folio access after folio_end_read()") partially addressed invalid folio access for folios without an ifs attached, b...

AI score 5.6, EPSS 0.00061
Exploits: 0, References: 3

Positive Technologies
added 2026/04/22 12:0 a.m., 2 views

PT-2026-34399

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A mismatch exists between the memory reserved for statistics and the amount of memory written in the macb network driver. The function gem_get_sset_count calculates the number of...

CVSS 7.8, AI score 5.3, EPSS 0.00022
Exploits: 0, References: 20

Positive Technologies
added 2026/04/22 12:0 a.m., 3 views

PT-2026-34387

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the s390 architecture where the r12 register is not properly cleared during kernel entry. Previously, entry handlers loaded r12 with the current task pointer for use b...

CVSS 5.5, AI score 5.2, EPSS 0.00015
Exploits: 0, References: 8

Tenable Nessus
added 2026/04/22 12:0 a.m., 0 views

Slackware Linux 15.0 / current libXpm Vulnerability (SSA:2026-111-01)

The version of libXpm installed on the remote host is prior to 3.5.19. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-111-01 advisory. New libXpm packages are available for Slackware 15.0 and -current to fix a security issue. Tenable has extracted the preceding...

AI score 5.8
Exploits: 0, References: 2

Tenable Nessus
added 2026/04/22 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-35363

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility...

CVSS 5.6, AI score 5.8, EPSS 0.00008
Exploits: 1, References: 3