Coreutils
Sign in to watchby GNU
CVEs (6)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-1865 | Med | 0.33 | 5.1 | 0.00 | Sep 20, 2017 | fts.c in coreutils 8.4 allows local users to delete arbitrary files. | |
| CVE-2016-2781 | Med | 0.30 | 4.6 | 0.00 | Feb 7, 2017 | chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. | |
| CVE-2014-9471 | 0.00 | — | 0.04 | Jan 16, 2015 | The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command. | ||
| CVE-2009-4135 | 0.00 | — | 0.00 | Dec 11, 2009 | The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp. | ||
| CVE-2008-1946 | 0.00 | — | 0.00 | Jul 28, 2008 | The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.so module. | ||
| CVE-2005-1039 | 0.00 | — | 0.00 | May 2, 2005 | Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files. |