Lucene search
+L

34 matches found

AlpineLinux
AlpineLinux
added 2020/03/25 4:44 p.m.76 views

CVE-2019-20633

GNU patch through 2.7.6 contains a freeplinepend Double Free vulnerability in the function anotherhunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952...

5.5CVSS6.5AI score0.00998EPSS
Exploits1
Cvelist
Cvelist
added 2020/03/25 4:44 p.m.79 views

CVE-2019-20633

GNU patch through 2.7.6 contains a freeplinepend Double Free vulnerability in the function anotherhunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952...

6.2AI score0.00998EPSS
Exploits1References1
OSV
OSV
added 2020/02/21 11:6 p.m.18 views

MGASA-2020-0093 Updated patch packages fix security vulnerabilities

Updated patch package fixes security vulnerabilities: In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. CVE-2019-13636. A vulnerability was found in GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited...

9.3CVSS6.8AI score0.04493EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2019/12/31 12:0 a.m.90 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : patch Multiple Vulnerabilities (NS-SA-2019-0253)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has patch packages installed that are affected by multiple vulnerabilities: - An issue was discovered in GNU patch before 2.7.6. Out- of-bounds access within pchwriteline in pch.c can possibly lead to DoS via a crafted input...

9.3CVSS6.6AI score0.08344EPSS
Exploits1References5
OSV
OSV
added 2019/07/26 1:15 p.m.40 views

CVE-2019-13638

GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156...

7.8CVSS7.8AI score0.04493EPSS
Exploits0References15
NVD
NVD
added 2019/07/26 1:15 p.m.27 views

CVE-2019-13638

GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156...

9.3CVSS7.6AI score0.04493EPSS
Exploits0References15
AlpineLinux
AlpineLinux
added 2019/07/26 12:22 p.m.64 views

CVE-2019-13638

GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156...

9.3CVSS8.1AI score0.04493EPSS
Exploits0
NVD
NVD
added 2018/02/05 4:29 p.m.17 views

CVE-2015-1418

The doedscript function in pch.c in GNU patch through 2.7.6, and patch in FreeBSD 10.1 before 10.1-RELEASE-p17, 10.2 before 10.2-BETA2-p3, 10.2-RC1 before 10.2-RC1-p2, and 0.2-RC2 before 10.2-RC2-p1, allows remote attackers to execute arbitrary commands via a crafted patch file, because a '!'...

9.3CVSS7.7AI score0.03708EPSS
Exploits0References6
Check Point Advisories
Check Point Advisories
added 2016/08/23 12:0 a.m.6 views

FreeBSD bspatch Utility Remote Code Execution (CVE-2014-9862)

A remote code execution vulnerability has been reported in the bspatch utility in FreeBSD. The vulnerability is due to improper validation on the numbers of bytes to read from diff and extra stream values. A remote attacker can exploit this vulnerability by enticing the target user to download an...

7.2CVSS4.8AI score0.06762EPSS
Exploits0
CNVD
CNVD
added 2016/07/31 12:0 a.m.7 views

Apple OS X bsdiff Integer Sign Error Vulnerability

Apple OS X is a specialized operating system developed for Mac computers. An integer sign error vulnerability exists in the bspatch.c file in bsdiff used by Apple OS X, which can be exploited by a remote attacker to crash an application or execute arbitrary code by building a special patch file...

7.8CVSS7.6AI score0.06762EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2016/07/22 2:59 a.m.27 views

CVE-2014-9862

Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service heap-based buffer overflow via a crafted patch file...

7.8CVSS7.3AI score0.06762EPSS
Exploits0References7
Prion
Prion
added 2016/07/22 2:59 a.m.16 views

Design/Logic Flaw

Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service heap-based buffer overflow via a crafted patch file...

7.2CVSS8.1AI score0.06762EPSS
Exploits0References14Affected Software1
Debian CVE
Debian CVE
added 2016/07/22 1:0 a.m.36 views

CVE-2014-9862

Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service heap-based buffer overflow via a crafted patch file...

7.8CVSS8.4AI score0.06762EPSS
Exploits0
ArchLinux
ArchLinux
added 2015/01/28 12:0 a.m.52 views

patch: multiple issues

CVE-2015-1196 directory traversal A directory traversal flaw was discovered that allows remote attackers to write to arbitrary files via a symlink attack in a patch file. This could allow an attacker to overwrite arbitrary files by applying a specially crafted patch, with the privileges of the...

4.3CVSS5AI score0.06096EPSS
Exploits1References5
Rows per page
Query Builder