Lucene search
K

117 matches found

RedhatCVE
RedhatCVE
added 2026/04/29 10:8 a.m.6 views

CVE-2026-35354

A flaw was found in the mv utility of uutils coreutils. A local attacker with write access to a directory can exploit a Time-of-Check to Time-of-Use TOCTOU vulnerability during cross-device moves. This race condition allows the attacker to swap files between system calls, leading to the destinati...

4.7CVSS5.3AI score0.00091EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/04/27 2:21 a.m.5 views

golang: cmd/compile: no-op interface conversion bypasses overlap checking

A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data...

7.1CVSS5.8AI score0.00261EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/24 2:38 a.m.7 views

golang: cmd/compile: no-op interface conversion bypasses overlap checking

A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data...

7.1CVSS5.8AI score0.00261EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/23 9:39 p.m.5 views

golang: cmd/compile: no-op interface conversion bypasses overlap checking

A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data...

7.1CVSS5.8AI score0.00261EPSS
Exploits0References8
NVD
NVD
added 2026/04/22 7:17 p.m.7 views

CVE-2026-34414

Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where the name parameter in rename commands is not sanitized for path traversal sequences. Attackers can supply a name value...

7.1CVSS0.02826EPSS
Exploits2References8
ATTACKERKB
ATTACKERKB
added 2026/04/22 6:32 p.m.5 views

CVE-2026-34414

Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where the name parameter in rename commands is not sanitized for path traversal sequences. Attackers can supply a name value...

7.1CVSS6.3AI score0.02826EPSS
Exploits2References9
CVE
CVE
added 2026/04/22 6:32 p.m.13 views

CVE-2026-34414

CVE-2026-34414 affects Xerte Online Toolkits versions ≤ 3.15. A relative path traversal vulnerability exists in the elFinder connector endpoint at /editor/elfinder/php/connector.php, where the name parameter in rename commands is not sanitized for path traversal sequences. An attacker can supply ...

7.1CVSS6.3AI score0.02826EPSS
Exploits2References8
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.10 views

uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition

A Time-of-Check to Time-of-Use TOCTOU race condition exists in the mv utility of uutils coreutils during cross-device operations. The utility removes the destination path before recreating it through a copy operation. A local attacker with write access to the destination directory can exploit thi...

6.3CVSS5.5AI score0.00091EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/04/22 6:31 p.m.8 views

EUVD-2026-24990

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the mv utility of uutils coreutils during cross-device moves. The extended attribute xattr preservation logic uses multiple path-based system calls that perform fresh path-to-inode lookups for each operation. A local attacker with writ...

4.7CVSS5.8AI score0.00091EPSS
Exploits1References2
OSV
OSV
added 2026/04/22 6:31 p.m.7 views

GHSA-X4MC-MQM7-GG39 uutils coreutils has a Time-of-Check to Time-of-Use (TOCTOU) race condition

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the mv utility of uutils coreutils during cross-device moves. The extended attribute xattr preservation logic uses multiple path-based system calls that perform fresh path-to-inode lookups for each operation. A local attacker with writ...

4.7CVSS5.8AI score0.00091EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.11 views

uutils coreutils has a Time-of-Check to Time-of-Use (TOCTOU) race condition

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the mv utility of uutils coreutils during cross-device moves. The extended attribute xattr preservation logic uses multiple path-based system calls that perform fresh path-to-inode lookups for each operation. A local attacker with writ...

4.7CVSS5.3AI score0.00091EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/04/22 5:16 p.m.7 views

CVE-2026-35354

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the mv utility of uutils coreutils during cross-device moves. The extended attribute xattr preservation logic uses multiple path-based system calls that perform fresh path-to-inode lookups for each operation. A local attacker with writ...

4.7CVSS0.00091EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/22 4:8 p.m.3 views

CVE-2026-35365

The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands them, copying the linked targets as real files or directories at the destination. This can lead to...

6.6CVSS5.8AI score0.00161EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/22 4:8 p.m.11 views

CVE-2026-35364

A Time-of-Check to Time-of-Use TOCTOU race condition exists in the mv utility of uutils coreutils during cross-device operations. The utility removes the destination path before recreating it through a copy operation. A local attacker with write access to the destination directory can exploit thi...

6.3CVSS5.9AI score0.00091EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/22 4:8 p.m.3 views

CVE-2026-35351 uutils coreutils mv Silent Ownership Loss in Cross-Device Operations

The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. This flaw breaks backups and...

4.2CVSS5.8AI score0.00132EPSS
Exploits1References1
CVE
CVE
added 2026/04/22 4:8 p.m.31 views

CVE-2026-35351

The CVE-2026-35351 entry concerns the mv utility in uutils coreutils, where moves across filesystem boundaries do not preserve source ownership. A copy-and-delete path creates the destination with the caller’s UID/GID instead of the source metadata, potentially causing files moved by a privileged...

4.2CVSS5.8AI score0.00132EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.11 views

Xerte Online Toolkits 路径遍历漏洞

Xerte Online Toolkits is an online learning content creation platform provided by British company Xerte. Versions of Xerte Online Toolkits 3.15 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the elFinder connector in the /editor/elfinder/php/connector.php...

7.1CVSS6.2AI score0.02826EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.8 views

PT-2026-34501

Name of the Vulnerable Software and Affected Versions uutils coreutils affected versions not specified Description The mv utility improperly handles directory trees containing symbolic links when moving them across filesystem boundaries. The implementation expands symbolic links—which are pointer...

6.6CVSS6AI score0.00161EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.5 views

PT-2026-34490

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the mv utility of uutils coreutils during cross-device moves. The extended attribute xattr preservation logic uses multiple path-based system calls that perform fresh path-to-inode lookups for each operation. A local attacker with writ...

4.7CVSS5.8AI score0.00091EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-35351

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a...

4.2CVSS5.8AI score0.00132EPSS
Exploits1References3
Rows per page
Query Builder