7 matches found
EUVD-2026-25008
rm: 'rm -rf ./' and ./// variants silently deletes current directory contents, bypassing dot protection...
GHSA-VCHC-9GGH-3236 Duplicate Advisory: uutils coreutils has a Path Traversal issue
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-89p7-7cq3-hhr2. This link is maintained to preserve external references. Original Description A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect t...
CVE-2026-35363
The CVE-2026-35363 entry concerns the rm utility in uutils coreutils. The issue: path normalization bug allows bypass of safeguards for the current directory. It correctly refuses . and .. but fails to recognize equivalent paths with trailing slashes (e.g., ./ or .///). An accidental/malicious ex...
PT-2026-34499
Name of the Vulnerable Software and Affected Versions uutils coreutils affected versions not specified Description A flaw in the rm utility allows the bypass of safeguard mechanisms designed to protect the current directory. Although the utility prevents the deletion of . or .., it does not...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989527)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989527 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Prevent panic when SDMA is disabled If the hfi1 module is loaded with HFI1CAPSDMA off,...
CVE-2025-40049
In the Linux kernel, the following vulnerability has been resolved: Squashfs: fix uninit-value in squashfsgetparent Syzkaller reports a "KMSAN: uninit-value in squashfsgetparent" bug. This is caused by openbyhandleat being called with a file handle containing an invalid parent inode number. In...
SUSE CVE-2024-24576
Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files with the bat and cmd extensions on Windows using the Command. An attacker able to control the arguments...