Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2015-1396
HistoryNov 25, 2019 - 4:15 p.m.

CVE-2015-1396

2019-11-2516:15:00
CWE-22
[email protected]
web.nvd.nist.gov
28
directory traversal
gnu patch
cve-2015-1396
symlink attack
incomplete fix
nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

6.2 Medium

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.029 Low

EPSS

Percentile

90.7%

JSON

A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196.

Related

prion 2
cvelist 2
debiancve 2
ubuntucve 2
nessus 13
openvas 13
securityvulns 3
ubuntu 1
rosalinux 1
cve 1
slackware 1
fedora 4
archlinux 1
mageia 1
prion
prion
Directory traversal
2019-11-25 16:15:00
Design/Logic Flaw
2015-01-21 18:59:00
cvelist
cvelist
CVE-2015-1396
2019-11-25 15:44:16
CVE-2015-1196
2015-01-21 18:00:00
debiancve
debiancve
CVE-2015-1396
2019-11-25 16:15:00
CVE-2015-1196
2015-01-21 18:59:00
ubuntucve
ubuntucve
CVE-2015-1396
2015-01-28 00:00:00
CVE-2015-1196
2015-01-21 00:00:00
nessus
nessus
SUSE SLED12 / SLES12 Security Update : patch (SUSE-SU-2015:1019-1)
2015-06-10 00:00:00
Ubuntu 14.04 LTS : GNU patch vulnerabilities (USN-2651-1)
2015-06-23 00:00:00
openSUSE Security Update : patch (openSUSE-SU-2015:0199-1)
2015-02-04 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2015:1019-1)
2021-04-19 00:00:00
Ubuntu: Security Advisory (USN-2651-1)
2015-06-24 00:00:00
Slackware: Security Advisory (SSA:2015-047-01)
2022-04-21 00:00:00
securityvulns
securityvulns
GNU patch security vulnerabilities
2015-06-29 00:00:00
[USN-2651-1] GNU patch vulnerabilities
2015-06-29 00:00:00
[ MDVSA-2015:050 ] patch
2015-03-08 00:00:00
ubuntu
ubuntu
GNU patch vulnerabilities
2015-06-22 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1946
2021-07-02 17:39:56
cve
cve
CVE-2015-1196
2015-01-21 18:59:00
slackware
slackware
[slackware-security] patch
2015-02-16 21:15:25
fedora
fedora
[SECURITY] Fedora 21 Update: patch-2.7.4-1.fc21
2015-02-05 05:23:20
[SECURITY] Fedora 21 Update: patch-2.7.5-1.fc21
2015-03-23 07:13:16
[SECURITY] Fedora 21 Update: patch-2.7.3-1.fc21
2015-01-30 23:54:24
archlinux
archlinux
patch: multiple issues
2015-01-28 00:00:00
mageia
mageia
Updated patch packages fix security vulnerabilities
2015-02-17 21:38:13

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

6.2 Medium

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.029 Low

EPSS

Percentile

90.7%

JSON
Related for CVE-2015-1396
prion2cvelist2debiancve2ubuntucve2nessus13openvas13securityvulns3ubuntu1rosalinux1cve1slackware1fedora4archlinux1mageia1