| CVE-2026-35379 |
low |
3.3 |
3.3 |
|
|
|
1mo ago |
A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the [:graph:] and [:print:] character classes. The implementation mistakenly includes the ASCII space char… |
| CVE-2026-35378 |
low |
3.3 |
3.3 |
|
|
|
1mo ago |
A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw… |
| CVE-2026-35375 |
low |
3.3 |
3.3 |
|
|
|
1mo ago |
A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes to_string_lossy() wh… |
| CVE-2026-35371 |
low |
3.3 |
3.3 |
|
|
|
1mo ago |
uutils coreutils's User Interface (UI) Misrepresents Critical Information |
| CVE-2026-35344 |
low |
3.3 |
3.3 |
|
|
|
1mo ago |
uutils coreutils has an Unchecked Return Value Issue |
| CVE-2026-35343 |
low |
3.3 |
3.3 |
|
|
|
1mo ago |
The cut utility in uutils coreutils incorrectly handles the -s (only-delimited) option when a newline character is specified as the delimiter. The implementation fails to verify the only_delimited fl… |
| CVE-2026-35342 |
low |
3.3 |
3.3 |
|
|
|
1mo ago |
The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementa… |
| CVE-2026-35381 |
low |
— |
2.5 |
|
|
|
1mo ago |
A logic error in the cut utility of uutils coreutils causes the utility to ignore the -s (only-delimited) flag when using the -z (null-terminated) and -d '' (empty delimiter) options together. The im… |
| CVE-2026-35377 |
low |
— |
2.5 |
|
|
|
1mo ago |
uutils coreutils has an Improper Input Validation Issue in its env Utility |
| CVE-2026-35362 |
low |
— |
2.5 |
|
|
|
1mo ago |
The safe_traversal module in uutils coreutils, which provides protection against Time-of-Check to Time-of-Use (TOCTOU) symlink races using file-descriptor-relative syscalls, is incorrectly limited to… |
| CVE-2026-35346 |
low |
— |
2.5 |
|
|
|
1mo ago |
The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::from_utf8_lossy(), which replaces invalid UTF-8 b… |
| CVE-2026-35361 |
low |
— |
2.5 |
|
|
|
1mo ago |
The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std… |
| CVE-2026-35353 |
low |
— |
2.5 |
|
|
|
1mo ago |
The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions (typically 0755) before subsequently changing them … |
| CVE-2026-35367 |
low |
— |
2.5 |
|
|
|
1mo ago |
uutils coreutils has an Incorrect Permission Assignment for Critical Resource |
