Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Coreutils Security Vulnerabilities

cve
cve

CVE-2005-1039

Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files.

6.3AI Score

0.0004EPSS

2005-05-02 04:00 AM
33
cve
cve

CVE-2008-1946

The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.so module.

6.2AI Score

0.0004EPSS

2008-07-28 05:41 PM
39
cve
cve

CVE-2009-4135

The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.

6AI Score

0.0004EPSS

2009-12-11 04:30 PM
41
cve
cve

CVE-2014-9471

The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command.

7.7AI Score

0.014EPSS

2015-01-16 04:59 PM
48
cve
cve

CVE-2015-1865

fts.c in coreutils 8.4 allows local users to delete arbitrary files.

4.7CVSS

4.7AI Score

0.0004EPSS

2017-09-20 06:29 PM
27
cve
cve

CVE-2015-4041

The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash)...

7.8CVSS

9AI Score

0.001EPSS

2020-01-24 05:15 PM
55
cve
cve

CVE-2015-4042

Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.

9.8CVSS

9.7AI Score

0.004EPSS

2020-01-24 05:15 PM
41
cve
cve

CVE-2016-2781

chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

6.5CVSS

6.1AI Score

0.0004EPSS

2017-02-07 03:59 PM
92
2
cve
cve

CVE-2017-18018

In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.

4.7CVSS

4.6AI Score

0.0004EPSS

2018-01-04 04:29 AM
71
cve
cve

CVE-2024-0684

A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.

5.5CVSS

5.3AI Score

0.0004EPSS

2024-02-06 09:15 AM
61