Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
10692
Total
727
Critical
3080
High
3407
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-35374 | MEDIUM | 6.3 | A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the split utility of uutils coreutils. The program attempts to prevent data loss by checking for identity … | Apr 22, 2026 |
| CVE-2026-35373 | LOW | 3.3 | A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory forms … | Apr 22, 2026 |
| CVE-2026-35372 | MEDIUM | 5.0 | A logic error in the ln utility of uutils coreutils allows the utility to dereference a symbolic link target even when the --no-dereference (or -n) … | Apr 22, 2026 |
| CVE-2026-35371 | LOW | 3.3 | The id utility in uutils coreutils exhibits incorrect behavior in its "pretty print" output when the real UID and effective UID differ. The implementation incorrectly … | Apr 22, 2026 |
| CVE-2026-35370 | MEDIUM | 4.4 | The id utility in uutils coreutils miscalculates the groups= section of its output. The implementation uses a user's real GID instead of their effective GID … | Apr 22, 2026 |
| CVE-2026-35369 | MEDIUM | 5.5 | An argument parsing error in the kill utility of uutils coreutils incorrectly interprets kill -1 as a request to send the default signal (SIGTERM) to … | Apr 22, 2026 |
| CVE-2026-35368 | HIGH | 7.8 | A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam() after entering … | Apr 22, 2026 |
| CVE-2026-35367 | LOW | 3.3 | The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, … | Apr 22, 2026 |
| CVE-2026-35366 | MEDIUM | 4.4 | The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the … | Apr 22, 2026 |
| CVE-2026-35365 | MEDIUM | 6.6 | The mv utility in uutils coreutils improperly handles directory trees containing symbolic links during moves across filesystem boundaries. Instead of preserving symlinks, the implementation expands … | Apr 22, 2026 |
| CVE-2026-35364 | MEDIUM | 6.3 | A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mv utility of uutils coreutils during cross-device operations. The utility removes the destination path before … | Apr 22, 2026 |
| CVE-2026-35363 | MEDIUM | 5.6 | A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility correctly … | Apr 22, 2026 |
| CVE-2026-35362 | LOW | 3.6 | The safe_traversal module in uutils coreutils, which provides protection against Time-of-Check to Time-of-Use (TOCTOU) symlink races using file-descriptor-relative syscalls, is incorrectly limited to Linux targets. … | Apr 22, 2026 |
| CVE-2026-35361 | LOW | 3.4 | The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the … | Apr 22, 2026 |
| CVE-2026-35360 | MEDIUM | 6.3 | The touch utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition during file creation. When the utility identifies a missing … | Apr 22, 2026 |
| CVE-2026-35359 | MEDIUM | 4.7 | A Time-of-Check to Time-of-Use (TOCTOU) vulnerability in the cp utility of uutils coreutils allows an attacker to bypass no-dereference intent. The utility checks if a … | Apr 22, 2026 |
| CVE-2026-35358 | MEDIUM | 4.4 | The cp utility in uutils coreutils, when performing recursive copies (-R), incorrectly treats character and block device nodes as stream sources rather than preserving them. … | Apr 22, 2026 |
| CVE-2026-35357 | MEDIUM | 4.7 | The cp utility in uutils coreutils is vulnerable to an information disclosure race condition. Destination files are initially created with umask-derived permissions (e.g., 0644) before … | Apr 22, 2026 |
| CVE-2026-35356 | MEDIUM | 6.3 | A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the install utility of uutils coreutils when using the -D flag. The command creates parent directories and … | Apr 22, 2026 |
| CVE-2026-35355 | MEDIUM | 6.3 | The install utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition during file installation. The implementation unlinks an existing destination … | Apr 22, 2026 |
| CVE-2026-35354 | MEDIUM | 4.7 | A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the mv utility of uutils coreutils during cross-device moves. The extended attribute (xattr) preservation logic uses multiple … | Apr 22, 2026 |
| CVE-2026-35353 | LOW | 3.3 | The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions (typically 0755) before subsequently … | Apr 22, 2026 |
| CVE-2026-35352 | HIGH | 7.0 | A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mkfifo utility of uutils coreutils. The utility creates a FIFO and then performs a path-based … | Apr 22, 2026 |
| CVE-2026-35351 | MEDIUM | 4.2 | The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine … | Apr 22, 2026 |
| CVE-2026-35350 | MEDIUM | 6.6 | The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p (preserve) flag, … | Apr 22, 2026 |