Vulnerabilities > GNU > Coreutils > 5.97

DATE CVE VULNERABILITY TITLE RISK
2020-01-24 CVE-2015-4042 Integer Overflow or Wraparound vulnerability in GNU Coreutils
Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings.
network
low complexity
gnu CWE-190
7.5
2018-01-04 CVE-2017-18018 Race Condition vulnerability in GNU Coreutils
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
local
gnu CWE-362
1.9
2015-01-16 CVE-2014-9471 The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command.
network
low complexity
gnu canonical
7.5