20 matches found
uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition
The cp utility in uutils coreutils is vulnerable to an information disclosure race condition. Destination files are initially created with umask-derived permissions (e.g., 0644) before being restricted to their final mode (e.g., 0600) later in the process. A local attacker can race to open the file...
uutils coreutils security vulnerability
uutils coreutils is a cross-platform core command-line toolset developed by Uutils. There is a security vulnerability in uutils coreutils. This vulnerability stems from the mkdir utility incorrectly applying permissions when using the -m flag. It first uses umask to derive directory permissions a...
Security Bulletin: Vulnerability in Coreutils affects IBM Netezza Appliance
Summary: The Coreutils package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVE (CVE-2025-5278). Vulnerability Details: CVEID: CVE-2025-5278 DESCRIPTION: A flaw was found in GNU Coreutils. The sort utility's begfield function is vulnerable to a heap buffer...
EulerOS Virtualization 2.12.0 : coreutils (EulerOS-SA-2026-1477)
According to the versions of the coreutils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in GNU Coreutils. The sort utility's begfield function is vulnerable to a heap buffer under-read. The program ma...
Azure Linux 3.0 Security Update: coreutils (CVE-2024-0684)
The version of coreutils installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-0684 advisory. - A flaw was found in the GNU coreutils split program. A heap overflow with user-controlled data of multiple...
EulerOS Virtualization 2.13.1 : coreutils (EulerOS-SA-2025-2535)
According to the versions of the coreutils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in GNU Coreutils. The sort utility's begfield function is vulnerable to a heap buffer under-read. The program ma...
TencentOS Server 4: coreutils (TSSA-2025:0416)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0416 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
EUVD-2015-1972
Malware in sbrugna...
EulerOS 2.0 SP11 : coreutils (EulerOS-SA-2025-1922)
According to the versions of the coreutils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in GNU Coreutils. The sort utility's begfield function is vulnerable to a heap buffer under-read. The program may access memory...
SUSE SLES15 Security Update : coreutils (SUSE-SU-2025:02354-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02354-1 advisory. Security fixes: - CVE-2025-5278: Fixed heap buffer under-read may lead to a crash or leak sensitive data bsc1243767 Other fixes: - ls: avoi...
SUSE SLES12 Security Update : coreutils (SUSE-SU-2025:02353-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02353-1 advisory. - CVE-2025-5278: Fixed heap buffer under-read may lead to a crash or leak sensitive data bsc1243767 Tenable has extracted the preceding description...
Fedora 42 : coreutils (2025-f791604f4c)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-f791604f4c advisory. sort: fix buffer under-read CVE-2025-5278 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...
TencentOS Server 4: coreutils (TSSA-2024:0969)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0969 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Azure Linux 3.0 Security Update: coreutils (CVE-2016-2781)
The version of coreutils installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2016-2781 advisory. - chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via...
GNU coreutils buffer overflow vulnerability
GNU coreutils is a core toolset of the GNU community. GNU coreutils suffers from a buffer overflow vulnerability that originates from a boundary error in the function begfield in the sort tool when handling untrusted input, which can be exploited by an attacker to cause a crash or data disclosure...
PT-2025-23038
Name of the Vulnerable Software and Affected Versions: GNU Coreutils (affected versions not specified). Description: A flaw was found in the sort utility's begfield function, which is vulnerable to a heap buffer under-read. This issue may cause the program to access memory outside the allocated buffer...
The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code (CVE-2014-9471)
The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command...
Denial Of Service (DoS)
coreutils is vulnerable to denial of service. The sort, uniq, and join utilities did not properly restrict the use of the alloca function, which allows an attacker to crash those utilities in a stack-based buffer overflow by providing long input strings...
CVE-2016-2781
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer...
DEBIAN-CVE-2014-9471
The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command...