Vulnerabilities > GNU > Coreutils > 5.2.1

DATE CVE VULNERABILITY TITLE RISK
2020-01-24 CVE-2015-4042 Integer Overflow or Wraparound vulnerability in GNU Coreutils
Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.
network
low complexity
gnu CWE-190
7.5
2018-01-04 CVE-2017-18018 Race Condition vulnerability in GNU Coreutils
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
local
gnu CWE-362
1.9
2015-01-16 CVE-2014-9471 The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command.
network
low complexity
gnu canonical
7.5
2008-07-28 CVE-2008-1946 Permissions, Privileges, and Access Controls vulnerability in GNU Coreutils 5.2.1
The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.so module.
local
gnu CWE-264
4.4
2005-05-02 CVE-2005-1039 Local Race Condition vulnerability in GNU Coreutils 5.2.1
Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files.
local
high complexity
gnu
3.7