64 matches found
EUVD-2026-24981
rm: --preserve-root bypassed via a symlink to / string check instead of dev/inode...
TYPO3 CMS has an Open Redirect Vulnerability via Core Utilities
Problem Applications that use GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the aforementioned sanitization checks. This enables attackers to redirect users to external content and carry out phishing attack...
GHSA-3P42-W5CH-GG42 TYPO3 CMS has an Open Redirect Vulnerability via Core Utilities
Problem Applications that use GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the aforementioned sanitization checks. This enables attackers to redirect users to external content and carry out phishing attack...
CVE-2026-47347
CVE-2026-47347 affects TYPO3 CMS where GeneralUtility::sanitizeLocalUrl can be bypassed, enabling an open redirect if a URL is used after sanitization. Affected versions are older: 10.4.57, 11.0.0–11.5.50, 12.0.0–12.4.45, 13.0.0–13.4.30, and 14.0.0–14.3.2. The CVE entry notes the impact as open r...
CVE-2026-47347 TYPO3 CMS - Open Redirect in Core Utilities
Applications that use GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the aforementioned sanitization checks. This enables attackers to redirect users to external content and carry out phishing attacks. This...
Duplicate Advisory: uutils coreutils has an Incorrect Provision of Specified Functionality Issue in its cut Utility
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pmfc-4wjj-gmhx. This link is maintained to preserve external references. Original Description A logic error in the cut utility of uutils coreutils causes the utility to ignore the -s only-delimited flag when usi...
GHSA-HJ9R-8PFM-RMJJ Duplicate Advisory: uutils coreutils has an Issue With its Always-Incorrect Control Flow Implementation
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wv33-5pxh-r7j7. This link is maintained to preserve external references. Original Description The cut utility in uutils coreutils incorrectly handles the -s only-delimited option when a newline character is...
UBUNTU-CVE-2026-35351
The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. This flaw breaks backups and...
UBUNTU-CVE-2026-35344
The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok on truncation attempts. While intended to mimic GNU behavior for special files like /dev/null, the uutils implementation also hides failures on regular files and directorie...
CVE-2026-35363 uutils coreutils rm Safeguard Bypass via Improper Path Normalization
A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility correctly refuses to delete . or .., it fails to recognize equivalent paths with trailing slashes, such as ./ or .///. An accidental or...
MiracleLinux 4 : policycoreutils-2.0.83-30.1.AXS4 (AXSA:2016-915:02)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-915:02 advisory. Security-enhanced Linux is a feature of the Linux kernel and a number of utilities with enhanced security functionality designed to add mandatory access...
MiracleLinux 4 : coreutils-8.4-46.0.1.AXS4 (AXSA:2017-1611:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-1611:01 advisory. These are the GNU core utilities. This package is the combination of the old GNU fileutils, sh-utils, and textutils packages. Security issues fixed with this...
CVE-2005-1039
Race condition in Core Utilities coreutils 5.2.1, when 1 mkdir, 2 mknod, or 3 mkfifo is running with the -m switch, allows local users to modify permissions of other files...
EUVD-2005-1042
Malware in sbrugna...
EulerOS 2.0 SP13 : coreutils (EulerOS-SA-2025-2133)
According to the versions of the coreutils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in GNU Coreutils. The sort utility's begfield function is vulnerable to a heap buffer under-read. The program may access memory...
Malicious code in np_core_utils (npm)
The package npcoreutils was found to contain malicious code...
Malicious code in @moonpig/web-core-utils (npm)
The package @moonpig/web-core-utils was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...
[SECURITY] Fedora 41 Update: coreutils-9.5-12.fc41
These are the GNU core utilities. This package is the combination of the old GNU fileutils, sh-utils, and textutils packages...
[SECURITY] Fedora 42 Update: coreutils-9.6-4.fc42
These are the GNU core utilities. This package is the combination of the old GNU fileutils, sh-utils, and textutils packages...
CVE-2023-49298
OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but c...