The comm utility in uutils coreutils silently corrupts binary and non-UTF-8 encoded file output by replacing invalid UTF-8 byte sequences with the Unicode replacement character (U+FFFD), diverging from GNU comm's byte-preserving behavior. This affects any user comparing files with legacy encodings or binary content, resulting in data integrity loss. A proof-of-concept demonstrating the lossy conversion exists, and a patch is available.
The id utility in uutils coreutils displays incorrect effective user information in its pretty-print output when real and effective UIDs differ, using the effective GID instead of effective UID for name lookup. This causes misleading diagnostic output that could lead system administrators or automated scripts to make incorrect access control decisions, though impact is limited to information disclosure with no direct code execution or system compromise.
The nohup utility in uutils coreutils creates its default output file with world-readable permissions (0644) instead of owner-only (0600), allowing any local user to read captured stdout/stderr and access potentially sensitive information in multi-user systems. This information disclosure vulnerability affects all versions of uutils coreutils and diverges from the secure permission model implemented in GNU coreutils.
The mkdir utility in uutils coreutils creates directories with default umask-derived permissions (0755) before applying the requested mode via chmod, creating a race condition window where a directory intended to be private becomes briefly accessible to other local users. This affects uutils coreutils versions prior to 0.6.0 and requires local authenticated access to exploit, limiting real-world impact despite the CVSS score of 3.3.
Nimiq Core-rs-Albatross prior to v1.3.0 crashes when processing malformed transaction inclusion proofs with mismatched history and positions arrays. A remote attacker can trigger a denial of service by sending a crafted ResponseTransactionsProof with unequal array lengths, causing the HistoryTreeProof::verify function to panic. The vulnerability requires high attack complexity and user interaction, limiting real-world impact despite network accessibility.
dnsdist's Discovery of Designated Resolvers (DDR) upgrade mechanism allows a rogue backend to send a crafted SVCB response that causes a denial of service via availability impact when DDR is explicitly enabled through the autoUpgrade (Lua) or auto_upgrade (YAML) configuration options. The vulnerability requires adjacent network access and high complexity exploitation conditions, affecting only deployments that have manually enabled DDR functionality-a non-default configuration.
dnsdist can experience a denial-of-service condition through query-response mismatching when a client sends precisely timed floods of queries routed to TCP-only or DNS over TLS backends. An adjacent network attacker with high timing precision can cause limited availability impact by desynchronizing the query-response correlation on affected backends, though exploitation requires favorable network conditions and careful query timing. This issue carries a low CVSS score (3.1) reflecting the high attack complexity and adjacency requirement.
Uncontrolled resource consumption in Tanium Interact allows authenticated high-privilege administrators to trigger a denial of service condition through network-accessible endpoints. The vulnerability requires high-level administrative privileges (PR:H) and produces only availability impact with no confidentiality or integrity compromise. CVSS base score of 2.7 reflects the severe privilege barrier and limited impact scope.
Information disclosure vulnerability in Tanium Threat Response allows high-privileged authenticated users to access sensitive data via network requests. The vulnerability affects all versions of Threat Response and requires administrator-level privileges to exploit, resulting in confidentiality impact with no integrity or availability compromise. No active exploitation has been publicly identified.
Tanium Server allows high-privileged authenticated users to disclose sensitive information through an unspecified network-accessible mechanism. The vulnerability requires administrative or equivalent privileges and carries a low CVSS score (2.7) reflecting limited impact to confidentiality with no integrity or availability consequences. No active exploitation or public proof-of-concept has been identified.
Nano text editor creates ~/.local directory with overly permissive 0777 permissions instead of 0700 in environments with permissive umask settings, allowing local authenticated users to inject malicious .desktop launcher files that could lead to information disclosure or unintended actions when processed. CVSS score 2.5 reflects local attack vector and low integrity impact, with active exploitation status unknown and no public exploit code identified at time of analysis.
CPython's http.cookies.Morsel.js_output() method generates inline script snippets that fail to neutralize the HTML parser-sensitive sequence </script>, allowing attackers with high privilege levels to inject arbitrary JavaScript by crafting malicious cookie values. While the method escapes double quotes for JavaScript string context, it does not prevent premature termination of the script element through </script> injection, resulting in limited information disclosure. The vendor has released patches addressing this inadequate escaping mechanism through base64-encoding of cookie values.
Buffer over-read in rust-openssl's password callback APIs allows information disclosure when a user-supplied callback returns a value larger than the provided buffer. The vulnerability affects rust-openssl bindings to OpenSSL 1.x and 2.x; OpenSSL 3.x implementations are not vulnerable. An attacker who controls the password callback can read sensitive data from adjacent memory regions.
Path traversal vulnerability in Poetry's tar extraction function allows arbitrary file writes when processing untrusted source distributions on Python 3.10.0-3.10.12 and 3.11.0-3.11.4, where the tarfile.data_filter safety mechanism is absent or broken. The vulnerability is triggered during dependency resolution (poetry add --lock) or installation before the build backend executes, enabling attackers to write files outside the intended extraction directory via crafted tar member paths, symlinks, or hardlinks in malicious sdists.
F Prime framework before version 4.2.0 allows remote code execution via integer overflow in bounds checking combined with path traversal in file upload functionality. An attacker sending a crafted DataPacket with byteOffset=0xFFFFFF9C and dataSize=100 causes U32 addition to wrap to zero, bypassing the fileSize validation. This enables writing arbitrary data to any file at any offset on the target system, leading to remote code execution on embedded spaceflight and other critical systems. CISA KEV status and active exploitation unknown; vendor patch available in version 4.2.0.