Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnu coreutils vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-0684
A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.
Gnu Coreutils 9.2
Gnu Coreutils 9.3
Gnu Coreutils 9.4
1 Github repository
NA
CVE-2023-49298
OpenZFS up to and including 2.1.13 and 2.2.x up to and including 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this is...
Openzfs Openzfs
Openzfs Openzfs 2.2.0
9.3
CVSSv2
CVE-2021-44228
Apache Log4j2 2.0-beta9 up to and including 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can contr...
Apache Log4j 2.0
Apache Log4j
Siemens Sppa-t3000 Ses3000 Firmware
Siemens Logo\\! Soft Comfort
Siemens Spectrum Power 4 4.70
Siemens Spectrum Power 4
Siemens Siveillance Control Pro
Siemens Energyip Prepay 3.7
Siemens Energyip Prepay 3.8
Siemens Siveillance Identity 1.6
Siemens Siveillance Identity 1.5
Siemens Siveillance Command
Siemens Sipass Integrated 2.85
Siemens Sipass Integrated 2.80
Siemens Head-end System Universal Device Integration System
Siemens Gma-manager
Siemens Energyip 8.5
Siemens Energyip 8.6
Siemens Energyip 8.7
Siemens Energyip 9.0
Siemens Energy Engage 3.1
Siemens E-car Operation Center
2 Metasploit modules
1162 Github repositories
28 Articles
4.6
CVSSv2
CVE-2015-4041
The keycompare_mb function in sort.c in sort in GNU Coreutils up to and including 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows malicious users to cause a denial of service (heap-based b...
Gnu Coreutils
7.5
CVSSv2
CVE-2015-4042
Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils up to and including 8.23 might allow malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.
Gnu Coreutils
1.9
CVSSv2
CVE-2017-18018
In GNU Coreutils up to and including 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condi...
Gnu Coreutils
2 Github repositories
3.3
CVSSv2
CVE-2015-1865
fts.c in coreutils 8.4 allows local users to delete arbitrary files.
Gnu Coreutils 8.4
2.1
CVSSv2
CVE-2016-2781
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
Gnu Coreutils
7 Github repositories
7.5
CVSSv2
CVE-2014-9471
The parse_datetime function in GNU coreutils allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date comma...
Gnu Coreutils
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
4.3
CVSSv2
CVE-2013-0221
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent malicious users to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the ...
Redhat Enterprise Linux 6.0
Opensuse Opensuse 12.2
Opensuse Opensuse 12.1
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »