Lucene search
K

4 matches found

EUVD
EUVD
added 2026/07/06 8:15 p.m.8 views

EUVD-2026-24981

rm: --preserve-root bypassed via a symlink to / string check instead of dev/inode...

7.7CVSS5.9AI score0.00184EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.10 views

Duplicate Advisory: uutils coreutils has a Link Following Issue Via rm Utility

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-7cr3-h577-g38j. This link is maintained to preserve external references. Original Description A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The...

7.7CVSS5.9AI score0.00184EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/04/22 4:7 p.m.20 views

CVE-2026-35349

CVE-2026-35349 affects the rm utility in uutils coreutils . The root cause is a path-string check used to identify the root directory instead of comparing device/inode numbers, allowing a symbolic link that resolves to "/" (e.g., "/tmp/rootlink -> /") to bypass --preserve-root. This can lead t...

7.7CVSS5.8AI score0.00184EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2024/04/25 3:10 p.m.3 views

buildah: full container escape at build time

A flaw was found in Buildah and subsequently Podman Build which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation ...

8.6CVSS6.9AI score0.0049EPSS
Exploits0References7
Rows per page
Query Builder