Lucene search
K

383 matches found

Github Security Blog
Github Security Blog
added 2026/05/07 4:29 a.m.12 views

vm2 Host Promise Resolution Preserves Object Identity Across Sandbox Boundary

Summary A sandbox boundary violation in vm2 allows host object identity to cross into the sandbox through host Promise resolution. When a host-side Promise that resolves to a host object is exposed to the sandbox, the value delivered to the sandbox .then callback preserves host identity. This...

7.2CVSS5.5AI score0.002EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.20 views

PT-2026-38391

Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.0 Description A sandbox boundary violation allows host object identity to cross into the sandbox through host Promise resolution. When a host-side Promise that resolves to a host object is exposed to the sandbox, the...

7.2CVSS5.5AI score0.002EPSS
Exploits1References6
Packet Storm News
Packet Storm News
added 2026/05/06 12:0 a.m.13 views

Age Verification in the Web -- Holy Grail to Control Access to Restricted Content

Age verification before accessing restricted content is critical to protecting minors from exposure to harmful material such as pornography, gambling, violence, hateful speech, and substance purchases like alcohol and tobacco. Currently, the absence of reliable age-checking mechanisms allows...

5.8AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/04/30 4:40 p.m.51 views

OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode

A flaw was found in OpenSSH. When the scp command is used by a root user to download a file with the legacy protocol option -O and without preserving original file permissions -p, the downloaded file can be installed with elevated privileges setuid or setgid. This unexpected behavior could allow ...

8.1CVSS5.5AI score0.00419EPSS
Exploits0References7
Microsoft CVE
Microsoft CVE
added 2026/04/23 8:4 a.m.7 views

ksmbd: do not expire session on binding failure

...

8.2CVSS5.2AI score0.00499EPSS
Exploits0
OSV
OSV
added 2026/04/22 6:31 p.m.9 views

GHSA-957R-R8GC-VV3H uutils coreutils doesn't preserve file ownership during moves across different filesystem boundaries

The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. This flaw breaks backups and...

4.2CVSS5.8AI score0.00132EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/22 6:31 p.m.7 views

EUVD-2026-24984

The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. This flaw breaks backups and...

4.2CVSS5.8AI score0.00132EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/22 6:31 p.m.7 views

EUVD-2026-24982

The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p preserve flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining origin...

6.6CVSS5.7AI score0.00125EPSS
Exploits1References2
OSV
OSV
added 2026/04/22 6:31 p.m.12 views

GHSA-X2WV-9P67-MH9W uutils coreutils doesn't properly handle setuid and setgid bits when ownership preservation fails

The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p preserve flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining origin...

6.6CVSS5.8AI score0.00125EPSS
Exploits1References3
OSV
OSV
added 2026/04/22 6:31 p.m.8 views

GHSA-HWHF-8P2F-45WR Duplicate Advisory: coreutils' comm utility silently corrupts data by performing lossy UTF-8 conversion on all output lines

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6gcw-w7cp-94g9. This link is maintained to preserve external references. Original Description The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines...

3.3CVSS5.9AI score0.00176EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.11 views

uutils coreutils has a Time-of-Check to Time-of-Use (TOCTOU) race condition

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the mv utility of uutils coreutils during cross-device moves. The extended attribute xattr preservation logic uses multiple path-based system calls that perform fresh path-to-inode lookups for each operation. A local attacker with writ...

4.7CVSS5.3AI score0.00091EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.7 views

uutils coreutils doesn't properly handle setuid and setgid bits when ownership preservation fails

The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p preserve flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining origin...

6.6CVSS5.2AI score0.00125EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.7 views

uutils coreutils doesn't preserve file ownership during moves across different filesystem boundaries

The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. This flaw breaks backups and...

4.2CVSS5.2AI score0.00132EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.10 views

Duplicate Advisory: coreutils' comm utility silently corrupts data by performing lossy UTF-8 conversion on all output lines

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6gcw-w7cp-94g9. This link is maintained to preserve external references. Original Description The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines...

3.3CVSS5.9AI score0.00176EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2026/04/22 5:16 p.m.4 views

CVE-2026-35350

The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p preserve flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining origin...

6.6CVSS0.00125EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/04/22 5:16 p.m.11 views

CVE-2026-35351

The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. This flaw breaks backups and...

4.2CVSS5.8AI score0.00132EPSS
Exploits1References3
OSV
OSV
added 2026/04/22 5:16 p.m.4 views

UBUNTU-CVE-2026-35351

The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. This flaw breaks backups and...

4.2CVSS5.8AI score0.00132EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/22 4:8 p.m.4 views

CVE-2026-35354

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the mv utility of uutils coreutils during cross-device moves. The extended attribute xattr preservation logic uses multiple path-based system calls that perform fresh path-to-inode lookups for each operation. A local attacker with writ...

4.7CVSS5.8AI score0.00091EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/22 4:8 p.m.5 views

CVE-2026-35351

The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. This flaw breaks backups and...

4.2CVSS5.8AI score0.00132EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/04/22 4:8 p.m.4 views

CVE-2026-35351

The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. This flaw breaks backups and...

4.2CVSS5.3AI score0.00132EPSS
Exploits1
Rows per page
Query Builder