Lucene search
+L

19 matches found

euvd
euvd
added 2026/07/06 8:24 p.m.8 views

EUVD-2026-25012

mv: symlinks expanded during cross-device move resource exhaustion / data duplication...

6.6CVSS5.9AI score0.00161EPSS
Exploits0References5
redhatcve
redhatcve
added 2026/04/24 7:16 p.m.10 views

CVE-2026-35365

The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands them, copying the linked targets as real files or directories at the destination. This can lead to...

6.6CVSS5.2AI score0.00161EPSS
Exploits0References2
github
github
added 2026/04/22 6:31 p.m.7 views

Duplicate Advisory: uutils coreutils has a Link Following issue

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-h444-6j9x-p8vh. This link is maintained to preserve external references. Original Description The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across...

6.6CVSS5.9AI score0.00161EPSS
Exploits0References5Affected Software1
cvelist
cvelist
added 2026/04/22 4:8 p.m.27 views

CVE-2026-35365 uutils coreutils mv Denial of Service and Data Duplication via Improper Symlink Expansion

The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands them, copying the linked targets as real files or directories at the destination. This can lead to...

6.6CVSS0.00161EPSS
Exploits0References2
cve
cve
added 2026/04/22 4:8 p.m.16 views

CVE-2026-35365

The CVE concerns the mv utility in uutils coreutils. The issue is that during moves across filesystem boundaries, the mv implementation does not preserve symbolic links; instead, it expands them and copies the linked targets as real files/directories at the destination. According to the provided ...

6.6CVSS5.8AI score0.00161EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/04/22 4:8 p.m.4 views

CVE-2026-35365 uutils coreutils mv Denial of Service and Data Duplication via Improper Symlink Expansion

The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands them, copying the linked targets as real files or directories at the destination. This can lead to...

6.6CVSS5.9AI score0.00161EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/04/22 12:0 a.m.9 views

PT-2026-34501

Name of the Vulnerable Software and Affected Versions uutils coreutils affected versions not specified Description The mv utility improperly handles directory trees containing symbolic links when moving them across filesystem boundaries. The implementation expands symbolic links—which are pointer...

6.6CVSS6AI score0.00161EPSS
Exploits0References15
nessus
nessus
added 2026/04/22 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-35365

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving...

6.6CVSS5.8AI score0.00161EPSS
Exploits0References3
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-9339

Malware in sbrugna...

9.8CVSS9.2AI score0.03173EPSS
Exploits0References12
susecve
susecve
added 2023/02/15 4:36 a.m.4 views

SUSE CVE-2017-18206

In utils.c in zsh before 5.4, symlink expansion had a buffer overflow...

5.3CVSS9.8AI score0.03173EPSS
Exploits0References7
amazon
amazon
added 2018/04/05 12:0 a.m.32 views

Low: zsh

Issue Overview: NULL dereference in cd in sh compatibility mode under given circumstances In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set. CVE-2017-18205 Null-pointer...

9.8CVSS9.2AI score0.03173EPSS
Exploits0
openvas
openvas
added 2018/03/26 12:0 a.m.31 views

Debian: Security Advisory (DLA-1304-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.9AI score0.03173EPSS
Exploits0References2
mageia
mageia
added 2018/03/14 4:21 p.m.35 views

Updated zsh packages fix security vulnerabilities

Zsh has been updated to fix 4 security issues. In builtin.c in zsh before 5.4, when sh compatibility mode is used, there is a NULL pointer dereference during processing of the cd command with no argument if HOME is not set. CVE-2017-18205 In utils.c in zsh before 5.4, symlink expansion had a buff...

9.8CVSS0.5AI score0.03173EPSS
Exploits0References2
debian
debian
added 2018/03/09 5:1 p.m.30 views

[SECURITY] [DLA 1304-1] zsh security update

Package : zsh Version : 4.3.17-1+deb7u1 CVE IDs : CVE-2014-10070 CVE-2014-10071 CVE-2014-10072 CVE-2016-10714 CVE-2017-18206 It was discovered that there were multiple vulnerabilities in the "zsh" shell: CVE-2014-10070: Fix a privilege-elevation issue if the environment has not been properly...

9.8CVSS8.7AI score0.03173EPSS
Exploits0
osv
osv
added 2018/02/27 10:29 p.m.25 views

CVE-2017-18206

In utils.c in zsh before 5.4, symlink expansion had a buffer overflow...

9.8CVSS9.8AI score
Exploits0References6
osv
osv
added 2018/02/27 10:29 p.m.1 views

DEBIAN-CVE-2017-18206

In utils.c in zsh before 5.4, symlink expansion had a buffer overflow...

9.8CVSS9.5AI score0.03173EPSS
Exploits0References1
cve
cve
added 2018/02/27 10:0 p.m.124 views

CVE-2017-18206

CVE-2017-18206 affects zsh prior to 5.4, with a buffer overflow in the symlink expansion path (utils.c: symlink expansion). The vulnerability allows a local, unprivileged user to abuse specially crafted directory paths, potentially leading to privilege escalation or related crashes. It is address...

9.8CVSS7.2AI score0.03173EPSS
Exploits0References6Affected Software1
debiancve
debiancve
added 2018/02/27 10:0 p.m.25 views

CVE-2017-18206

In utils.c in zsh before 5.4, symlink expansion had a buffer overflow...

9.8CVSS3.5AI score0.03173EPSS
Exploits0
osv
osv
added 2018/02/27 12:0 a.m.6 views

UBUNTU-CVE-2017-18206

In utils.c in zsh before 5.4, symlink expansion had a buffer overflow...

9.8CVSS7.2AI score0.03173EPSS
Exploits0References4
Rows per page
Query Builder