Lucene search
K

59 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/23 7:5 p.m.7 views

CVE-2026-54555

rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.42.2, the permission splitter did not conservatively split or reject several shell constructs that Bash treats as command execution boundaries or nested execution. As a result, a command beginning with an...

7.8CVSS6.1AI score0.00128EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/15 4:17 p.m.103 views

CVE-2026-44310 gitsign --verify panics on empty-certificate PKCS7 and exits 0, bypassing exit-code callers

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify in pkg/git/verifier.go unconditionally dereferences certs0 after sd.GetCertificates without checking the slice length. A CMS/PKCS7 signed message with...

5.4CVSS0.00111EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/15 4:17 p.m.9 views

CVE-2026-44310 gitsign --verify panics on empty-certificate PKCS7 and exits 0, bypassing exit-code callers

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify in pkg/git/verifier.go unconditionally dereferences certs0 after sd.GetCertificates without checking the slice length. A CMS/PKCS7 signed message with...

5.4CVSS5.9AI score0.00111EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/15 4:17 p.m.12 views

EUVD-2026-30564

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify in pkg/git/verifier.go unconditionally dereferences certs0 after sd.GetCertificates without checking the slice length. A CMS/PKCS7 signed message with...

5.4CVSS5.9AI score0.00111EPSS
Exploits0References1
CVE
CVE
added 2026/05/15 4:17 p.m.37 views

CVE-2026-44310

CVE-2026-44310 (gitsign) : In CertVerifier.Verify(), after GetCertificates(), the code dereferences certs[0] without validating the slice length. A CMS/PKCS7 message can have an empty certificate set, causing an index-out-of-range panic. When invoked via the gitsign --verify path (git verify-comm...

5.4CVSS5.9AI score0.00111EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/08 5:37 p.m.16 views

gitsign --verify panics on empty-certificate PKCS7 and exits 0, bypassing exit-code callers

Summary CertVerifier.Verify in pkg/git/verifier.go unconditionally dereferences certs0 after sd.GetCertificates without checking the slice length. A CMS/PKCS7 signed message with an empty certificate set is a structurally valid DER payload; GetCertificates returns an empty slice with no error,...

5.4CVSS5.8AI score0.00111EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/08 5:37 p.m.71 views

GHSA-7C37-GX6W-8VC5 gitsign --verify panics on empty-certificate PKCS7 and exits 0, bypassing exit-code callers

Summary CertVerifier.Verify in pkg/git/verifier.go unconditionally dereferences certs0 after sd.GetCertificates without checking the slice length. A CMS/PKCS7 signed message with an empty certificate set is a structurally valid DER payload; GetCertificates returns an empty slice with no error,...

5.4CVSS5.8AI score0.00111EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.17 views

PT-2026-39244

Name of the Vulnerable Software and Affected Versions Gitsign versions 0.4.0 through 0.14.x Description In the CertVerifier.Verify function within pkg/git/verifier.go, the software unconditionally dereferences the first element of a certificate slice certs0 after calling sd.GetCertificates withou...

5.4CVSS5.8AI score0.00111EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/04/24 8:32 p.m.8 views

CVE-2026-35339

The recursive mode -R of the chmod utility in uutils coreutils incorrectly handles exit codes when processing multiple files. The final return value is determined solely by the success or failure of the last file processed. This allows the command to return an exit code of 0 success even if error...

5.5CVSS5.4AI score0.00143EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/22 6:31 p.m.7 views

EUVD-2026-25030

A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S split-string option. In GNU env, backslashes within single quotes are treated literally with the exceptions of \ and '. However, the uutils implementation...

3.3CVSS5.8AI score0.00102EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.9 views

Duplicate Advisory: uutils coreutils incorrectly handles exit codes when processing multiple files

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4x34-chg5-mwjj. This link is maintained to preserve external references. Original Description The recursive mode -R of the chmod utility in uutils coreutils incorrectly handles exit codes when processing multipl...

5.5CVSS5.9AI score0.00143EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/04/22 6:31 p.m.5 views

EUVD-2026-24967

A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The final exit code is determined only by the last file processed. If the last operation succeeds, the command returns 0 even if earlier ownershi...

5.5CVSS5.7AI score0.00142EPSS
Exploits0References3
OSV
OSV
added 2026/04/22 6:31 p.m.4 views

GHSA-88CH-Q68X-36V7 Duplicate Advisory: uutils coreutils has an Incorrect Check of Function Return Value

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2x2h-fw32-rq7v. This link is maintained to preserve external references. Original Description A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit...

5.5CVSS5.9AI score0.00142EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.10 views

Duplicate Advisory: uutils coreutils has an Incorrect Check of Function Return Value

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2x2h-fw32-rq7v. This link is maintained to preserve external references. Original Description A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit...

5.5CVSS5.9AI score0.00142EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/04/22 5:16 p.m.10 views

CVE-2026-35339

The recursive mode -R of the chmod utility in uutils coreutils incorrectly handles exit codes when processing multiple files. The final return value is determined solely by the success or failure of the last file processed. This allows the command to return an exit code of 0 success even if error...

5.5CVSS0.00143EPSS
Exploits0References2
NVD
NVD
added 2026/04/22 5:16 p.m.8 views

CVE-2026-35340

A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The final exit code is determined only by the last file processed. If the last operation succeeds, the command returns 0 even if earlier ownershi...

5.5CVSS0.00142EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/22 4:9 p.m.5 views

CVE-2026-35377

A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S split-string option. In GNU env, backslashes within single quotes are treated literally with the exceptions of \ and '. However, the uutils implementation...

3.3CVSS5.8AI score0.00102EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/22 4:7 p.m.4 views

CVE-2026-35340 uutils coreutils chown and chgrp False Success Exit Code in Recursive Mode

A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The final exit code is determined only by the last file processed. If the last operation succeeds, the command returns 0 even if earlier ownershi...

5.5CVSS5.7AI score0.00142EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/22 4:7 p.m.4 views

CVE-2026-35340

A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The final exit code is determined only by the last file processed. If the last operation succeeds, the command returns 0 even if earlier ownershi...

5.5CVSS5.7AI score0.00142EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/22 4:7 p.m.30 views

CVE-2026-35340 uutils coreutils chown and chgrp False Success Exit Code in Recursive Mode

A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The final exit code is determined only by the last file processed. If the last operation succeeds, the command returns 0 even if earlier ownershi...

5.5CVSS0.00142EPSS
Exploits0References2
Rows per page
Query Builder