Lucene search
K

1038 matches found

Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.6 views

PT-2026-36307

Name of the Vulnerable Software and Affected Versions OpenStack ironic-python-agent versions 1.0.0 through 11.5.0 Description Ironic Python Agent IPA may execute the grub-install function from within a chroot of the deployed partition image. This behavior can lead to arbitrary code execution if a...

8CVSS6.4AI score0.00837EPSS
Exploits0References21
RedhatCVE
RedhatCVE
added 2026/04/29 10:8 a.m.7 views

CVE-2026-35368

A flaw was found in uutils coreutils. The chroot utility, when used with the --userspec option, resolves user specifications after entering a restricted environment chroot but before relinquishing root privileges. This can cause the Name Service Switch NSS, a system for resolving system...

7.8CVSS6AI score0.00136EPSS
Exploits1References2
Microsoft CVE
Microsoft CVE
added 2026/04/26 8:5 a.m.6 views

SFTP chroot bypass via path traversal in SSH_FXP_FSETSTAT

...

5.3CVSS5.2AI score0.00354EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/04/23 1:24 a.m.5 views

SUSE CVE-2026-32147

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to modify file attributes outside the configured chroot directory. The SFTP daemon sshsftpd stores the raw, user-supplied path in file...

4.3CVSS5.8AI score0.00354EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/22 6:31 p.m.5 views

EUVD-2026-25016

A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...

7.8CVSS6.1AI score0.00136EPSS
Exploits1References2
OSV
OSV
added 2026/04/22 6:31 p.m.6 views

GHSA-MH5C-XRMH-M794 uutils coreutils has an Untrusted Search Path

A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...

7.8CVSS6.2AI score0.00136EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.7 views

uutils coreutils has an Untrusted Search Path

A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...

7.8CVSS6AI score0.00136EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/04/22 5:16 p.m.7 views

CVE-2026-35368

A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...

7.8CVSS0.00136EPSS
Exploits1References1
OSV
OSV
added 2026/04/22 5:16 p.m.4 views

UBUNTU-CVE-2026-35368

A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...

7.8CVSS6.2AI score0.00136EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/04/22 5:16 p.m.9 views

CVE-2026-35368

A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...

7.8CVSS6.2AI score0.00136EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/22 4:8 p.m.11 views

CVE-2026-35368 uutils coreutils chroot Local Privilege Escalation and chroot Escape in via Name Service Switch (NSS) Injection

A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...

7.8CVSS6.1AI score0.00136EPSS
Exploits1References1
CVE
CVE
added 2026/04/22 4:8 p.m.19 views

CVE-2026-35368

CVE-2026-35368 describes a local privilege-escalation in the chroot utility of the uutils coreutils when using the --userspec option. The issue arises because the utility resolves the user via getpwnam() after entering the chroot but before dropping root privileges. On glibc-based systems, this c...

7.8CVSS6.1AI score0.00136EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/04/22 4:8 p.m.29 views

CVE-2026-35368 uutils coreutils chroot Local Privilege Escalation and chroot Escape in via Name Service Switch (NSS) Injection

A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...

7.8CVSS0.00136EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/22 4:8 p.m.8 views

CVE-2026-35368

A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...

7.8CVSS6.1AI score0.00136EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/04/22 4:8 p.m.3 views

CVE-2026-35368

A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...

7.8CVSS6.1AI score0.00136EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.8 views

PT-2026-34504

Name of the Vulnerable Software and Affected Versions uutils coreutils affected versions not specified Description A flaw in the chroot utility occurs when the --userspec option is used. The utility calls the getPwnam function to resolve user specifications after entering the chroot environment b...

7.8CVSS6.2AI score0.00136EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.8 views

uutils coreutils 代码问题漏洞

uutils coreutils is a cross-platform core command-line toolset developed by Uutils Open Source. There is a code vulnerability in uutils coreutils. This vulnerability arises from the use of the --userspec option during chroot operations. After entering chroot, the user specification is resolved,...

7.8CVSS6.2AI score0.00136EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-32147

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user t...

5.3CVSS5.8AI score0.00354EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-35368

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam afte...

7.8CVSS6.2AI score0.00136EPSS
Exploits1References3
Sick AG
Sick AG
added 2026/04/21 1:0 p.m.14 views

Sudo vulnerability affects Endress+Hauser MCS200HW

The display unit of the Endress+Hauser MCS200HW is affected by a sudo chroot vulnerability...

9.3CVSS7.3AI score0.47467EPSS
Exploits70
Rows per page
Query Builder