65 matches found
DEBIAN-CVE-2026-56289
GNU patch is vulnerable to a denial of service DoS due to improper validation of hunk single block of changes in diff line offsets in unified-diff input. A specially crafted patch can specify an extremely large line number, causing the application to enter an effectively infinite processing loop...
CVE-2026-56288
GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file newline markers can corrupt internal hunk single block of changes in diff data structures, causing the application to pass a NULL pointer...
CVE-2026-56288 NULL Pointer Dereference in GNU patch
GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file newline markers can corrupt internal hunk single block of changes in diff data structures, causing the application to pass a NULL pointer...
CVE-2026-59194
A flaw was found in pnpm, a package manager. A remote attacker could exploit this vulnerability by providing a specially crafted patch entry. This crafted entry could resolve outside the configured patches directory, allowing for the deletion of an arbitrary file when pnpm patch-remove is execute...
CVE-2026-59194
pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted patch entry could resolve outside the configured patches directory and cause pnpm patch-remove to delete an arbitrary reachable file. This vulnerability is fixed in 10.34.4 and 11.7.0...
CVE-2026-39199
The CVE-2026-39199 entry affects snes9x 1.63 and describes an out-of-bounds write that leads to a denial of service when processing a crafted .ups patch file. The vulnerability is tied to the emulator’s handling of UP.patch data, causing a crash (DoS) when a malicious or malformed patch is loaded...
JLSEC-2026-17
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156...
EUVD-2025-208242
An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted patch file...
Cohesity TranZman 安全漏洞
Cohesity TranZman is a data migration and recovery software developed by Cohesity Corporation. Version 4.0 Build 14614 of Cohesity TranZman contains a security vulnerability. This vulnerability arises from the upload of any file with authenticated access, potentially allowing attackers with...
CVE-2025-63910
An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted patch file...
EUVD-2019-11172
Malware in sbrugna...
EUVD-2019-5066
Malware in sbrugna...
EUVD-2020-0058
Malware in sbrugna...
EUVD-2015-1553
Malware in sbrugna...
GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952.
...
Linux Distros Unpatched Vulnerability : CVE-2019-20633
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU patch through 2.7.6 contains a freeplinepend Double Free vulnerability in the function anotherhunk in pch.c that can cause a denial of service via a crafted...
CVE-2020-15904
A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to heap memory beyond allocated bounds via a crafted patch file...
SUSE CVE-2011-2379
Cross-site scripting XSS vulnerability in Bugzilla 2.4 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3, when Internet Explorer before 9 or Safari before 5.0.6 is used for Raw Unified mode, allows remote attacke...
SUSE CVE-2019-13638
GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156...
SUSE CVE-2019-20633
GNU patch through 2.7.6 contains a freeplinepend Double Free vulnerability in the function anotherhunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952...