CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

33 matches found

RedhatCVE•added 2026/04/24 8:32 p.m.•4 views

CVE-2026-35376

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the chcon utility of uutils coreutils during recursive operations. The implementation resolves recursive targets using a fresh path lookup via ftsaccpath rather than binding the traversal and label application to the specific directory...

5.8CVSS5.3AI score0.00013EPSS

Exploits0References2

OSV•added 2026/04/22 6:31 p.m.•3 views

GHSA-6G8R-74QP-6859 uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition

4.5CVSS5.8AI score0.00013EPSS

Exploits0References4

EUVD•added 2026/04/22 6:31 p.m.•1 views

EUVD-2026-25028

4.5CVSS5.8AI score0.00013EPSS

Exploits0References3

Github Security Blog•added 2026/04/22 6:31 p.m.•3 views

uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition

5.8CVSS5.3AI score0.00013EPSS

Exploits0References4Affected Software1

NVD•added 2026/04/22 5:16 p.m.•1 views

CVE-2026-35376

5.8CVSS0.00013EPSS

Exploits0References2

CVE•added 2026/04/22 4:9 p.m.•5 views

CVE-2026-35376

A TOCTOU vulnerability exists in the chcon utility of uutils coreutils during recursive operations. The code uses a fresh path lookup (fts_accpath) to resolve targets instead of binding traversal and label application to the directory state encountered during traversal, and the operations are not...

5.8CVSS5.8AI score0.00013EPSS

Exploits0References2Affected Software1

ATTACKERKB•added 2026/04/22 4:9 p.m.•3 views

CVE-2026-35376

4.5CVSS5.8AI score0.00013EPSS

Exploits0References3

Cvelist•added 2026/04/22 4:9 p.m.•25 views

CVE-2026-35376 uutils coreutils chcon Security Bypass and Mandatory Access Control (MAC) Inconsistency via TOCTOU Race Condition

4.5CVSS0.00013EPSS

Exploits0References2

Vulnrichment•added 2026/04/22 4:9 p.m.•6 views

CVE-2026-35376 uutils coreutils chcon Security Bypass and Mandatory Access Control (MAC) Inconsistency via TOCTOU Race Condition

4.5CVSS5.8AI score0.00013EPSS

Exploits0References2

Positive Technologies•added 2026/04/22 12:0 a.m.•5 views

PT-2026-34512

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the chcon utility of uutils coreutils during recursive operations. The implementation resolves recursive targets using a fresh path lookup via fts accpath rather than binding the traversal and label application to the specific director...

4.5CVSS5.8AI score0.00013EPSS

Exploits0References3

Tenable Nessus•added 2026/01/16 12:0 a.m.•4 views

MiracleLinux 7 : policycoreutils-2.5-22.el7 (AXSA:2018-2922:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-2922:01 advisory. policycoreutils: Relabelling of symbolic links in /tmp and /var/tmp change the context of their target instead CVE-2018-1063 Tenable has extracted the...

4.4CVSS5.6AI score0.00117EPSS

Exploits0References2

OSV•added 2025/12/24 11:16 a.m.•0 views

UBUNTU-CVE-2025-68733

In the Linux kernel, the following vulnerability has been resolved: smack: fix bug: unprivileged task can create labels If an unprivileged task is allowed to relabel itself /smack/relabel-self is not empty, it can freely create new labels by writing their names into own /proc/PID/attr/smack/curre...

5.7AI score0.00066EPSS

Exploits0References35

ATTACKERKB•added 2025/12/24 10:33 a.m.•1 views

CVE-2025-68733

5.2AI score0.00066EPSS

Exploits0References9Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-11716

Malware in sbrugna...

4.4CVSS4.9AI score0.00117EPSS

Exploits0References6

SUSE Linux•added 2025/02/14 7:19 a.m.•4 views

Security update for SUSE Manager Client Tools

This update fixes the following issues: dracut-saltboot was updated to version 0.1.1728559936.c16d4fb: Added MAC based terminal naming option jscSUMA-314 golang-github-prometheus-prometheus was updated from version 2.45.6 to 2.53.3 jscPED-11649: Security issues fixed: CVE-2024-51744: Updated...

9.4CVSS8.7AI score0.32338EPSS

Exploits3References62

OSV•added 2024/10/01 9:15 p.m.•0 views

UBUNTU-CVE-2024-9407

A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories...

4.7CVSS7.2AI score0.00015EPSS

Exploits0References5

Cvelist•added 2024/10/01 8:13 p.m.•18 views

CVE-2024-9407 Buildah: podman: improper input validation in bind-propagation option of dockerfile run --mount instruction

4.7CVSS0.00015EPSS

Exploits0References9

CVE•added 2024/10/01 8:13 p.m.•292 views

CVE-2024-9407

CVE-2024-9407 is a local-privilege vulnerability in the bind-propagation option of Dockerfile RUN --mount as implemented by buildah/podman. The root cause is improper input validation, allowing an attacker to pass arbitrary parameters to the mount operation and potentially mount host directories ...

4.7CVSS5.6AI score0.00015EPSS

Exploits0References10

Rockylinux•added 2023/07/08 2:53 a.m.•12 views

selinux-policy bug fix update

An update is available for selinux-policy. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The selinux-policy packages contain the rules that govern how confined...

6.8AI score

Exploits0

SUSE CVE•added 2023/02/15 4:34 a.m.•2 views

SUSE CVE-2018-1063

Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state...

5.3CVSS7AI score0.00117EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by