Lucene search
K

848 matches found

RedhatCVE
RedhatCVE
added 2026/04/24 8:33 p.m.7 views

CVE-2026-35353

The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions typically 0755 before subsequently changing them to the requested mode via a separate chmod system call. In multi-user environments, this introduces ...

3.3CVSS5.2AI score0.00102EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/22 6:31 p.m.6 views

EUVD-2026-24988

The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions typically 0755 before subsequently changing them to the requested mode via a separate chmod system call. In multi-user environments, this introduces ...

3.3CVSS5.7AI score0.00102EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.9 views

uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition

The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions typically 0755 before subsequently changing them to the requested mode via a separate chmod system call. In multi-user environments, this introduces ...

3.3CVSS5.2AI score0.00102EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/04/22 6:31 p.m.6 views

EUVD-2026-25015

The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically resulting in a world-readable file 0644. In multi-user environments, this allows any user on the...

3.3CVSS5.8AI score0.00114EPSS
Exploits1References2
NVD
NVD
added 2026/04/22 5:16 p.m.7 views

CVE-2026-35367

The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically resulting in a world-readable file 0644. In multi-user environments, this allows any user on the...

3.3CVSS0.00114EPSS
Exploits1References1
NVD
NVD
added 2026/04/22 5:16 p.m.6 views

CVE-2026-35353

The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions typically 0755 before subsequently changing them to the requested mode via a separate chmod system call. In multi-user environments, this introduces ...

3.3CVSS0.00102EPSS
Exploits0References2
CVE
CVE
added 2026/04/22 4:8 p.m.13 views

CVE-2026-35367

The CVE concerns the nohup utility from the uutils coreutils project, where nohup.out is created without explicit restricted permissions, causing it to inherit umask-based permissions (typically 0644) and become world-readable. This differs from GNU coreutils, which creates nohup.out with owner-o...

3.3CVSS5.8AI score0.00114EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/22 4:8 p.m.6 views

CVE-2026-35367 uutils coreutils nohup Information Disclosure via Insecure Default Output Permissions

The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically resulting in a world-readable file 0644. In multi-user environments, this allows any user on the...

3.3CVSS5.8AI score0.00114EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/22 4:8 p.m.5 views

CVE-2026-35367

The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically resulting in a world-readable file 0644. In multi-user environments, this allows any user on the...

3.3CVSS5.8AI score0.00114EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/22 4:8 p.m.4 views

CVE-2026-35353

The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions typically 0755 before subsequently changing them to the requested mode via a separate chmod system call. In multi-user environments, this introduces ...

3.3CVSS5.7AI score0.00102EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.4 views

PT-2026-34503

The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically resulting in a world-readable file 0644. In multi-user environments, this allows any user on the...

3.3CVSS5.8AI score0.00114EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.10 views

PT-2026-34489

The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions typically 0755 before subsequently changing them to the requested mode via a separate chmod system call. In multi-user environments, this introduces ...

3.3CVSS5.7AI score0.00102EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.11 views

uutils coreutils 安全漏洞

uutils coreutils is a cross-platform core command-line toolset developed by Uutils. There is a security vulnerability in uutils coreutils. This vulnerability stems from the mkdir utility incorrectly applying permissions when using the -m flag. It first uses umask to derive directory permissions a...

3.3CVSS5.8AI score0.00102EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.9 views

uutils coreutils 安全漏洞

uutils coreutils is a cross-platform core command-line toolset developed by Uutils. There is a security vulnerability in uutils coreutils, which stems from the lack of explicit permission restrictions when nohup is used to create the default output file. This vulnerability could allow any user in...

3.3CVSS5.8AI score0.00114EPSS
Exploits1References1
NVD
NVD
added 2026/04/17 9:16 p.m.8 views

CVE-2026-35603

Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded the system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without validating directory ownership or access permissions. Because the ProgramData directory is writable ...

7.3CVSS0.00108EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/17 8:38 p.m.3 views

CVE-2026-35603

Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded the system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without validating directory ownership or access permissions. Because the ProgramData directory is writable ...

5.4CVSS5.7AI score0.00108EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/04/17 8:38 p.m.18 views

CVE-2026-35603

CVE-2026-35603 (Claude Code, Windows) : In versions prior to 2.1.75, Claude Code loaded the system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without validating directory ownership or access permissions. Since ProgramData is writable by non-administrative user...

7.3CVSS5.7AI score0.00108EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.14 views

PT-2026-33510

On Windows, Claude Code loaded system-wide default configuration from C:ProgramDataClaudeCodemanaged-settings.json without validating directory ownership or access permissions. Because the ProgramData directory is writable by non-administrative users by default and the ClaudeCode subdirectory was...

5.4CVSS5.8AI score0.00108EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/04/10 11:25 p.m.6 views

SUSE CVE-2026-39860

Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allowed for arbitrary overwrites of files writable by the Nix process orchestrating the builds typically the Nix daemon running as root in multi-user installations by following symlinks during...

9CVSS5.9AI score0.00193EPSS
Exploits0References3
NVD
NVD
added 2026/04/08 9:17 p.m.2 views

CVE-2026-39860

Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allowed for arbitrary overwrites of files writable by the Nix process orchestrating the builds typically the Nix daemon running as root in multi-user installations by following symlinks during...

9CVSS0.00193EPSS
Exploits0References6
Rows per page
Query Builder