uutils coreutils has an Incorrect Provision of Specified Functionality Issue in its cut Utility

A logic error in the cut utility of uutils coreutils causes the utility to ignore the -s only-delimited flag when using the -z null-terminated and -d '' empty delimiter options together. The implementation incorrectly routes this specific combination through a specialized newline-delimiter code...

EUVD-2026-24981

A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather than comparing device and inode numbers to identify the root directory. An attacker or accidental user can bypass this safeguard by using a...

GHSA-HJ9R-8PFM-RMJJ uutils coreutils has an Issue With its Always-Incorrect Control Flow Implementation

The cut utility in uutils coreutils incorrectly handles the -s only-delimited option when a newline character is specified as the delimiter. The implementation fails to verify the onlydelimited flag in the cutfieldsnewlinechardelim function, causing the utility to print non-delimited lines that...

UBUNTU-CVE-2026-35344

The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok on truncation attempts. While intended to mimic GNU behavior for special files like /dev/null, the uutils implementation also hides failures on regular files and directorie...

UBUNTU-CVE-2026-35351

The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. This flaw breaks backups and...

CVE-2026-35363 uutils coreutils rm Safeguard Bypass via Improper Path Normalization

A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility correctly refuses to delete . or .., it fails to recognize equivalent paths with trailing slashes, such as ./ or .///. An accidental or...

MiracleLinux 4 : policycoreutils-2.0.83-30.1.AXS4 (AXSA:2016-915:02)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-915:02 advisory. Security-enhanced Linux is a feature of the Linux kernel and a number of utilities with enhanced security functionality designed to add mandatory access...

MiracleLinux 4 : coreutils-8.4-46.0.1.AXS4 (AXSA:2017-1611:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-1611:01 advisory. These are the GNU core utilities. This package is the combination of the old GNU fileutils, sh-utils, and textutils packages. Security issues fixed with this...

CVE-2005-1039

Race condition in Core Utilities coreutils 5.2.1, when 1 mkdir, 2 mknod, or 3 mkfifo is running with the -m switch, allows local users to modify permissions of other files...

EUVD-2005-1042

Malware in sbrugna...

EulerOS 2.0 SP13 : coreutils (EulerOS-SA-2025-2133)

According to the versions of the coreutils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in GNU Coreutils. The sort utility's begfield function is vulnerable to a heap buffer under-read. The program may access memory...

Malicious code in @moonpig/web-core-utils (npm)

The package @moonpig/web-core-utils was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...

Malicious code in np_core_utils (npm)

The package npcoreutils was found to contain malicious code...

[SECURITY] Fedora 41 Update: coreutils-9.5-12.fc41

These are the GNU core utilities. This package is the combination of the old GNU fileutils, sh-utils, and textutils packages...

[SECURITY] Fedora 42 Update: coreutils-9.6-4.fc42

These are the GNU core utilities. This package is the combination of the old GNU fileutils, sh-utils, and textutils packages...

CVE-2023-49298

OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but c...

CVE-2022-20243

In Core Utilities, there is a possible log information disclosure. This could lead to local information disclosure of sensitive browsing data with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-190199986...

Advisory ROSA-SA-2025-2611

software: coreutils 8.32 OS: ROSA-CHROME packageevrstring: coreutils-8.32-5 CVE-ID: CVE-2024-0684 BDU-ID: 2024-00722 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the linebytessplit function src/split.c of the GNU Core Utilities GNU Coreutils suite of system utilities is related to a buffer...

GNU Coreutils: Buffer Overflow Vulnerability

Background The GNU Core Utilities are the basic file, shell and text manipulation utilities of the GNU operating system. Description A vulnerability has been discovered in the Coreutils "split" program that can lead to a heap buffer overflow and possibly arbitrary code execution. Impact Please...

ROS-20240409-17

Vulnerability of linebytessplit function src/split.c of GNU Core Utilities GNU Coreutils is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service...