Lucene search
K

8481 matches found

OSV
OSV
added 2026/04/22 6:31 p.m.10 views

GHSA-RX8H-33GR-VHJ9 uutils coreutils' comm utility incorrectly consumes data from non-regular file inputs before performing comparison operations

The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The arefilesidentical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input pat...

4.4CVSS5.8AI score0.00134EPSS
Exploits0References5
NVD
NVD
added 2026/04/22 5:16 p.m.5 views

CVE-2026-35347

The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The arefilesidentical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input pat...

4.4CVSS0.00134EPSS
Exploits0References2
CVE
CVE
added 2026/04/22 4:8 p.m.13 views

CVE-2026-35358

The CVE concerns the cp utility in the uutils coreutils project. When performing recursive copies (-R), it mishandles character and block device nodes by treating them as regular stream sources instead of preserving device semantics. The implementation reads bytes into destination regular files r...

5.5CVSS5.7AI score0.00177EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/22 4:8 p.m.4 views

CVE-2026-35358

The cp utility in uutils coreutils, when performing recursive copies -R, incorrectly treats character and block device nodes as stream sources rather than preserving them. Because the implementation reads bytes into regular files at the destination instead of using mknod, device semantics are...

4.4CVSS5.7AI score0.00177EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/22 4:7 p.m.4 views

CVE-2026-35347

The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The arefilesidentical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input pat...

4.4CVSS5.7AI score0.00134EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/22 4:7 p.m.7 views

CVE-2026-35347 uutils coreutils comm Silent Data Loss or Denial of Service via Improper Input Validation

The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The arefilesidentical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input pat...

4.4CVSS5.7AI score0.00134EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/22 4:7 p.m.29 views

CVE-2026-35347 uutils coreutils comm Silent Data Loss or Denial of Service via Improper Input Validation

The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The arefilesidentical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input pat...

4.4CVSS0.00134EPSS
Exploits0References2
CVE
CVE
added 2026/04/22 4:7 p.m.11 views

CVE-2026-35347

CVE-2026-35347 affects the uutils coreutils comm utility. The are_files_identical routine opens and reads both input paths to compare content without verifying that inputs are regular files. As a result, feeding non-regular inputs (e.g., FIFOs or pipes) drains the streams before the comparison, c...

4.4CVSS5.7AI score0.00134EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/04/22 4:7 p.m.14 views

CVE-2026-35344

The CVE describes a flaw in the dd utility from uutils coreutils: when truncating files, it unconditionally calls Result::ok(), suppressing errors. This behavior mirrors GNU for special files like /dev/null but also hides failures on regular files or directories caused by full disks or read-only ...

3.3CVSS5.8AI score0.00115EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/22 4:7 p.m.3 views

CVE-2026-35344 uutils coreutils dd Silent Data Corruption via Unconditional Truncation Error Suppression

The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok on truncation attempts. While intended to mimic GNU behavior for special files like /dev/null, the uutils implementation also hides failures on regular files and directorie...

3.3CVSS5.8AI score0.00115EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/04/22 2:7 p.m.7 views

minimatch: minimatch: Denial of Service via specially crafted glob patterns

A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service ReDoS vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking i...

8.7CVSS7AI score0.00519EPSS
Exploits1References6
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/22 12:13 p.m.5 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the path-to-regexp library

Summary Due to use of the path-to-regexp library, DevOps Test Performance and Rational Performance Tester contain a potential Regular Expression Denial of Service ReDoS vulnerability. Vulnerability Details CVEID:CVE-2026-4923 DESCRIPTION: Impact: When using multiple wildcards, combined with at...

7.5CVSS5.8AI score0.00791EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/04/22 12:31 a.m.4 views

EUVD-2026-24545

An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowed an attacker to bypass OAuth redirect URI validation. An attacker with knowledge of a first-party OAuth application's registered callback URL could craft a malicious authorization link that, when...

7.5CVSS5.8AI score0.00317EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.5 views

PT-2026-34494

The cp utility in uutils coreutils, when performing recursive copies -R, incorrectly treats character and block device nodes as stream sources rather than preserving them. Because the implementation reads bytes into regular files at the destination instead of using mknod, device semantics are...

4.4CVSS5.7AI score0.00177EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.7 views

PT-2026-34483

The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The are files identical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input...

4.4CVSS5.7AI score0.00134EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-35347

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The arefilesidentical...

4.4CVSS5.8AI score0.00134EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/21 10:12 p.m.5 views

CVE-2026-4296

An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowed an attacker to bypass OAuth redirect URI validation. An attacker with knowledge of a first-party OAuth application's registered callback URL could craft a malicious authorization link that, when...

7.5CVSS5.8AI score0.00317EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2026/04/21 10:12 p.m.22 views

CVE-2026-4296

CVE-2026-4296 concerns an incorrect regular expression vulnerability in GitHub Enterprise Server that bypasses the OAuth redirect URI validation. An attacker who knows a first-party OAuth app’s registered callback URL could craft a malicious authorization link that, when clicked by a victim, redi...

8.8CVSS5.8AI score0.00317EPSS
Exploits0References7Affected Software1
Snyk
Snyk
added 2026/04/21 5:17 p.m.10 views

Regular Expression Denial of Service (ReDoS)

Overview signalk-server is an An implementation of a Signal K server for boats. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the contextMatcher and pathMatcher functions. An attacker can cause the server to become unresponsive and exhaust CPU...

8.7CVSS5.8AI score0.00427EPSS
Exploits1References2
OSV
OSV
added 2026/04/21 5:17 p.m.5 views

GHSA-7GCJ-PHFF-2884 Signal K Server has an Unauthenticated Regular Expression Denial of Service (ReDoS) via WebSocket Subscription Paths

Summary The SignalK server is vulnerable to an unauthenticated Regular Expression Denial of Service ReDoS attack within its WebSocket subscription handling logic. By injecting unescaped regex metacharacters into the context parameter of a stream subscription, an attacker can force the server's...

7.5CVSS5.8AI score0.00427EPSS
Exploits1References6
Rows per page
Query Builder