Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnu coreutils vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-0684
A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.
Gnu Coreutils 9.2
Gnu Coreutils 9.3
Gnu Coreutils 9.4
1 Github repository
NA
CVE-2023-49298
OpenZFS up to and including 2.1.13 and 2.2.x up to and including 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this is...
Openzfs Openzfs
Openzfs Openzfs 2.2.0
409
VMScore
CVE-2015-4041
The keycompare_mb function in sort.c in sort in GNU Coreutils up to and including 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows malicious users to cause a denial of service (heap-based b...
Gnu Coreutils
668
VMScore
CVE-2015-4042
Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils up to and including 8.23 might allow malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.
Gnu Coreutils
170
VMScore
CVE-2017-18018
In GNU Coreutils up to and including 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condi...
Gnu Coreutils
2 Github repositories
294
VMScore
CVE-2015-1865
fts.c in coreutils 8.4 allows local users to delete arbitrary files.
Gnu Coreutils 8.4
189
VMScore
CVE-2016-2781
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
Gnu Coreutils
7 Github repositories
668
VMScore
CVE-2014-9471
The parse_datetime function in GNU coreutils allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date comma...
Gnu Coreutils
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
170
VMScore
CVE-2013-0223
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent malicious users to cause a denial of service (segmentation fault and crash) via a long string to the join command, when using the -i switch, which triggers a stack-based buffer overflow in the alloca functio...
Redhat Enterprise Linux 6.0
Opensuse Opensuse 11.4
Opensuse Opensuse 12.2
Opensuse Opensuse 12.1
435
VMScore
CVE-2013-0221
The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent malicious users to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1) -d or (2) -M switch, which triggers a stack-based buffer overflow in the ...
Redhat Enterprise Linux 6.0
Opensuse Opensuse 12.2
Opensuse Opensuse 12.1
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »