Lucene search
+L

750 matches found

OSV
OSV
added 2026/04/25 5:47 a.m.11 views

OESA-2026-1999 sudo security update

Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. Security Fixes: In Sudo through 1.9.17p2 before 3e474c2, a failure of a setui...

7.8CVSS5.4AI score0.00173EPSS
Exploits0References2
OSV
OSV
added 2026/04/25 5:47 a.m.8 views

OESA-2026-1997 sudo security update

Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. Security Fixes: In Sudo through 1.9.17p2 before 3e474c2, a failure of a setui...

7.8CVSS5.4AI score0.00173EPSS
Exploits0References2
OSV
OSV
added 2026/04/22 6:31 p.m.12 views

GHSA-X2WV-9P67-MH9W uutils coreutils doesn't properly handle setuid and setgid bits when ownership preservation fails

The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p preserve flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining origin...

6.6CVSS5.8AI score0.00125EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.7 views

uutils coreutils doesn't properly handle setuid and setgid bits when ownership preservation fails

The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p preserve flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining origin...

6.6CVSS5.2AI score0.00125EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/04/22 5:16 p.m.4 views

CVE-2026-35350

The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p preserve flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining origin...

6.6CVSS0.00125EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/22 4:8 p.m.34 views

CVE-2026-35350 uutils coreutils cp Unexpected Privileged Executable Creation with -p

The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p preserve flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining origin...

6.6CVSS0.00125EPSS
Exploits1References1
CVE
CVE
added 2026/04/22 4:8 p.m.23 views

CVE-2026-35350

The CVE-2026-35350 entry concerns the cp utility in uutils coreutils. When using -p (preserve), if chown fails, the tool applies the source’s mode bits, potentially producing a user-owned copy with privileged bits (setuid/setgid) and violating local security policies. This behavior differs from G...

6.6CVSS5.7AI score0.00125EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/22 4:8 p.m.7 views

CVE-2026-35350 uutils coreutils cp Unexpected Privileged Executable Creation with -p

The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p preserve flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining origin...

6.6CVSS5.7AI score0.00125EPSS
Exploits1References1
OSV
OSV
added 2026/04/22 10:0 a.m.5 views

SUSE-SU-2026:21369-1 Security update for sudo

This update for sudo fixes the following issues: - CVE-2026-35535: unhandled failure of setuid, setgid or setgroups calls during a mailer privilege drop allows for local privilege escalation bsc1261420...

7.8CVSS5.2AI score0.00173EPSS
Exploits0References3
OSV
OSV
added 2026/04/22 9:56 a.m.6 views

OPENSUSE-SU-2026:20604-1 Security update for sudo

This update for sudo fixes the following issues: - CVE-2026-35535: unhandled failure of setuid, setgid or setgroups calls during a mailer privilege drop allows for local privilege escalation bsc1261420...

7.8CVSS5.3AI score0.00173EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.4 views

PT-2026-34486

The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p preserve flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining origin...

6.6CVSS5.7AI score0.00125EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.9 views

uutils coreutils 安全漏洞

uutils coreutils is a cross-platform core command-line tool set developed by Uutils Open Source. There is a security vulnerability in uutils coreutils. This vulnerability arises from the cp utility’s failure to properly handle the setuid and setgid bits when ownership retention fails. When copyin...

6.6CVSS5.8AI score0.00125EPSS
Exploits1References1
OSV
OSV
added 2026/04/17 12:59 p.m.13 views

OESA-2026-1908 sudo security update

Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. Security Fixes: In Sudo through 1.9.17p2 before 3e474c2, a failure of a setui...

7.8CVSS5.8AI score0.00173EPSS
Exploits0References2
OSV
OSV
added 2026/04/16 12:52 p.m.3 views

SUSE-SU-2026:21252-1 Security update for sudo

This update for sudo fixes the following issues: - CVE-2026-35535: unhandled failure of setuid, setgid or setgroups calls during a mailer privilege drop allows for local privilege escalation bsc1261420...

7.8CVSS5.2AI score0.00173EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/04 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-35385

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performe...

8.1CVSS7AI score0.00419EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/03 1:56 p.m.8 views

CVE-2026-35535

A flaw was found in Sudo. A local user could exploit a failure in the setuid, setgid, or setgroups calls, which are used to drop privileges before running the mailer. This oversight allows for privilege escalation, enabling the user to gain elevated access on the system...

7.4CVSS5.9AI score0.00173EPSS
Exploits0References7
EUVD
EUVD
added 2026/04/03 3:31 a.m.9 views

EUVD-2026-18571

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation...

7.4CVSS5.9AI score0.00173EPSS
Exploits0References5
OSV
OSV
added 2026/04/03 3:16 a.m.5 views

DEBIAN-CVE-2026-35535

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation...

7.8CVSS5.3AI score0.00173EPSS
Exploits0References1
NVD
NVD
added 2026/04/03 3:16 a.m.8 views

CVE-2026-35535

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation...

7.8CVSS0.00173EPSS
Exploits0References33
OSV
OSV
added 2026/04/03 3:16 a.m.7 views

UBUNTU-CVE-2026-35535

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation...

7.8CVSS5.8AI score0.00173EPSS
Exploits0References7
Rows per page
Query Builder