36 matches found
uutils coreutils has an Improper Preservation of Permissions issue
The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std::fs::removedir, which cannot remove device nodes or FIFOs. This leaves mislabeled nodes behind wi...
EUVD-2026-25004
The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std::fs::removedir, which cannot remove device nodes or FIFOs. This leaves mislabeled nodes behind wi...
uutils coreutils' comm utility incorrectly consumes data from non-regular file inputs before performing comparison operations
The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The arefilesidentical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input pat...
CVE-2026-35347
The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The arefilesidentical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input pat...
CVE-2026-35361 uutils coreutils mknod Security Label Inconsistency and Broken Cleanup on SELinux Systems
The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std::fs::removedir, which cannot remove device nodes or FIFOs. This leaves mislabeled nodes behind wi...
CVE-2026-35361
The CVE-2026-35361 issue affects the mknod utility in uutils coreutils. It describes non-atomic handling of security labels for created device nodes: mknod creates the nodes before applying the SELinux context, and on labeling failure attempts cleanup via std::fs::remove_dir, which cannot remove ...
EUVD-2021-19399
Malware in sbrugna...
CVE-2024-42279 spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer
In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer While transmitting with rxlen == 0, the RX FIFO is not going to be emptied in the interrupt handler. A subsequent transfer could then read crap from the...
CVE-2024-42279 spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer
In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer While transmitting with rxlen == 0, the RX FIFO is not going to be emptied in the interrupt handler. A subsequent transfer could then read crap from the...
SUSE CVE-2021-32550
It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users...
SUSE CVE-2021-32548
It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users...
SUSE CVE-2021-32549
It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users...
SUSE CVE-2021-32555
It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users...
CVE-2021-32555
It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users...
CVE-2021-32554
It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users...
CVE-2021-32552
It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users...
CVE-2021-32553
It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users...
CVE-2021-32549
It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users...
CVE-2021-32548
It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users...
Open redirect
It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users...