uutils coreutils incorrectly handles exit codes when processing multiple files

The recursive mode -R of the chmod utility in uutils coreutils incorrectly handles exit codes when processing multiple files. The final return value is determined solely by the success or failure of the last file processed. This allows the command to return an exit code of 0 success even if error...

EUVD-2026-24967

A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The final exit code is determined only by the last file processed. If the last operation succeeds, the command returns 0 even if earlier ownershi...

CVE-2026-35339

The CVE-2026-35339 entry concerns the recursive mode (-R) of uutils coreutils chmod. Affected component: chmod in uutils coreutils. Issue: exit codes are determined by the last file processed, allowing an exit code of 0 despite prior errors (e.g., Operation not permitted). Impact: scripts relying...

Linux Distros Unpatched Vulnerability : CVE-2026-35339

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The recursive mode -R of the chmod utility in uutils coreutils incorrectly handles exit codes when processing multiple files. The final return value is determin...

PT-2026-34476

A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The final exit code is determined only by the last file processed. If the last operation succeeds, the command returns 0 even if earlier ownershi...

Medium: tigervnc

Issue Overview: In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions. CVE-2026-34352 Affected Packages: tigervnc Issue Correction: Run dnf update tigervnc --releasever...

SUSE CVE-2026-33487

goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the validateSignature function in validate.go goes through the references in the SignedInfo block to find one that matches the signed element's ID. In Go versions before 1.22, or when go.mod uses an older version,...

Caddy's vars_regexp double-expands user input, leaking env vars and files

Summary The varsregexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When varsregexp matches against a placeholder like http.request.header.X-Input, the header value gets resolved once expected, then passed through repl.ReplaceAll again the bug. This mean...

MiracleLinux 8 : gdisk-1.0.3-11.el8 (AXSA:2022-4240:03)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-4240:03 advisory. gdisk: possible out-of-bounds-write in LoadPartitionTable of gpt.cc CVE-2020-0256 gdisk: possible out-of-bounds-write in ReadLogicalParts of...

Linux Distros Unpatched Vulnerability : CVE-2025-68740

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ima: Handle error code returned by imafilterrulematch In imamatchrules, if imafilterrulematch returns -ENOENT due to the rule being NULL, the function incorrect...

PT-2025-40728

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.19.0-rc7+ Description The Linux kernel contains an issue where using smp processor id can lead to a kernel crash when CPU 0 is offline and intel powerclamp is used to inject idle. This occurs because the functi...

EUVD-2023-35658

Malicious code in bioql PyPI...

CVE-2025-0078

In main of main.cpp, there is a possible way to bypass SELinux due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Linux Distros Unpatched Vulnerability : CVE-2024-44968

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tick/broadcast: Move per CPU pointer access into the atomic section The recent fix for makin...

Code Bug at Compliance Firm Vanta Leaks Customer Data to Other Clients

Compliance automation provider Vanta confirms a software bug exposed private customer data to other users, impacting hundreds of…...

DEBIAN-CVE-2022-49215

In the Linux kernel, the following vulnerability has been resolved: xsk: Fix race at socket teardown Fix a race in the xsk socket teardown code that can lead to a NULL pointer dereference splat. The current xsk unbind code in xskunbinddev starts by setting xs-state to XSKUNBOUND, sets xs-dev to...

CVE-2022-48945 media: vivid: fix compose size exceed boundary

In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix compose size exceed boundary syzkaller found a bug: BUG: unable to handle page fault for address: ffffc9000a3b1000 PF: supervisor write access in kernel mode PF: errorcode0x0002 - not-present page PGD 100000067...

DEBIAN-CVE-2024-44968

In the Linux kernel, the following vulnerability has been resolved: tick/broadcast: Move per CPU pointer access into the atomic section The recent fix for making the take over of the broadcast timer more reliable retrieves a per CPU pointer in preemptible context. This went unnoticed as compilers...

CVE-2023-31347

A flaw was found in some AMD Hardware due to a code bug in the SecureTSC, SEV firmware. This flaw allows an attacker with high privileges to cause a guest to observe an incorrect TSC when Secure TSC is enabled, potentially resulting in a loss of guest integrity. Mitigation Mitigation for this iss...

SUSE CVE-2024-3857

The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...