Lucene search
+L

37 matches found

euvd
euvd
added 2026/07/06 9:54 p.m.7 views

EUVD-2026-25004

mknod: Device nodes created mislabeled on SELinux, with broken cleanup removedir on a node...

4.4CVSS5.9AI score0.00142EPSS
Exploits1References5
github
github
added 2026/04/22 6:31 p.m.14 views

Duplicate Advisory: uutils coreutils' comm utility incorrectly consumes data from non-regular file inputs before performing comparison operations

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-3wfc-mgpm-9rq6. This link is maintained to preserve external references. Original Description The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing...

4.4CVSS5.9AI score0.00135EPSS
Exploits0References5Affected Software1
github
github
added 2026/04/22 6:31 p.m.9 views

Duplicate Advisory: uutils coreutils has an Improper Preservation of Permissions issue

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r9hw-mj3w-phcq. This link is maintained to preserve external references. Original Description The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before...

4.4CVSS5.9AI score0.00142EPSS
Exploits1References5Affected Software1
nvd
nvd
added 2026/04/22 5:16 p.m.6 views

CVE-2026-35347

The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The arefilesidentical function opens and reads from both input paths to compare content without first verifying if the paths refer to regular files. If an input pat...

4.4CVSS0.00135EPSS
Exploits0References2
cve
cve
added 2026/04/22 4:8 p.m.16 views

CVE-2026-35361

The CVE-2026-35361 issue affects the mknod utility in uutils coreutils. It describes non-atomic handling of security labels for created device nodes: mknod creates the nodes before applying the SELinux context, and on labeling failure attempts cleanup via std::fs::remove_dir, which cannot remove ...

4.4CVSS5.8AI score0.00142EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2026/04/22 4:8 p.m.33 views

CVE-2026-35361 uutils coreutils mknod Security Label Inconsistency and Broken Cleanup on SELinux Systems

The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std::fs::removedir, which cannot remove device nodes or FIFOs. This leaves mislabeled nodes behind wi...

3.4CVSS0.00142EPSS
Exploits1References2
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-19399

Malware in sbrugna...

7.3CVSS6.3AI score0.00289EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2024/08/17 9:8 a.m.16 views

CVE-2024-42279 spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer

In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer While transmitting with rxlen == 0, the RX FIFO is not going to be emptied in the interrupt handler. A subsequent transfer could then read crap from the...

6.7AI score0.00225EPSS
Exploits0References3
osv
osv
added 2024/08/17 9:8 a.m.13 views

CVE-2024-42279 spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer

In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer While transmitting with rxlen == 0, the RX FIFO is not going to be emptied in the interrupt handler. A subsequent transfer could then read crap from the...

5.5CVSS6.2AI score0.00225EPSS
Exploits0References6
susecve
susecve
added 2023/02/15 3:41 a.m.4 views

SUSE CVE-2021-32550

It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users...

7.3CVSS6.7AI score0.00289EPSS
Exploits0References3
susecve
susecve
added 2023/02/15 3:41 a.m.7 views

SUSE CVE-2021-32548

It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users...

7.3CVSS6.7AI score0.00289EPSS
Exploits0References3
susecve
susecve
added 2023/02/15 3:41 a.m.6 views

SUSE CVE-2021-32549

It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users...

7.3CVSS6.7AI score0.00289EPSS
Exploits0References3
susecve
susecve
added 2023/02/15 3:41 a.m.3 views

SUSE CVE-2021-32555

It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users...

7.3CVSS6.7AI score0.00289EPSS
Exploits0References3
nvd
nvd
added 2021/06/12 4:15 a.m.29 views

CVE-2021-32552

It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users...

7.3CVSS0.00289EPSS
Exploits0References1
nvd
nvd
added 2021/06/12 4:15 a.m.40 views

CVE-2021-32553

It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users...

7.3CVSS0.00322EPSS
Exploits0References1
osv
osv
added 2021/06/12 4:15 a.m.4 views

CVE-2021-32555

It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users...

5.5CVSS5.8AI score0.00289EPSS
Exploits0References1
osv
osv
added 2021/06/12 4:15 a.m.5 views

CVE-2021-32554

It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users...

5.5CVSS6.6AI score0.00289EPSS
Exploits0References1
osv
osv
added 2021/06/12 4:15 a.m.5 views

CVE-2021-32548

It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users...

5.5CVSS6.6AI score0.00289EPSS
Exploits0References1
nvd
nvd
added 2021/06/12 4:15 a.m.43 views

CVE-2021-32549

It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users...

7.3CVSS0.00289EPSS
Exploits0References1
prion
prion
added 2021/06/12 4:15 a.m.23 views

Open redirect

It was discovered that readfile in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users...

2.1CVSS5.8AI score0.00322EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder