2020

2019

2018

2017

CVE-2017-18018 (v3: 4.7) 4 Jan 2018
In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.

2016

CVE-2016-7098 (v3: 8.1) 26 Sep 2016
Race condition in wget 1.17 and earlier, when used in recursive or mirroring mode to download a single file, might allow remote servers to bypass intended access list restrictions by keeping an HTTP connection open.

2015

CVE-2015-1865 (v3: 4.7) 20 Sep 2017
fts.c in coreutils 8.4 allows local users to delete arbitrary files.

2014

2013

2012

2011