CVE-2019-13638

GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156...

UBUNTU-CVE-2019-13638

GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156...

CVE-2016-10713

A heap-based out-of-bounds read flaw was found in the way the patch utility parsed patch files. An attacker could potentially use this flaw to crash the patch utility by tricking it into processing crafted patch files...

CVE-2015-1418

The doedscript function in pch.c in GNU patch through 2.7.6, and patch in FreeBSD 10.1 before 10.1-RELEASE-p17, 10.2 before 10.2-BETA2-p3, 10.2-RC1 before 10.2-RC1-p2, and 0.2-RC2 before 10.2-RC2-p1, allows remote attackers to execute arbitrary commands via a crafted patch file, because a '!'...

DEBIAN-CVE-2015-1416

Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file...

CVE-2017-12332

CVE-2017-12332 affects Cisco NX-OS System Software on multiple Cisco Nexus series switches and UCS Manager. The issue stems from insufficient restrictions in the patch installation process, allowing an authenticated, local attacker with valid administrator credentials to install a crafted patch i...

Cisco NX-OS System Software Patch Signature Bypass Vulnerability

A vulnerability in Cisco NX-OS System Software could allow an authenticated, local attacker to bypass signature verification when loading a software patch. The vulnerability is due to insufficient NX-OS signature verification for software patches. An authenticated, local attacker could exploit th...

The vulnerability of the OceanStor UDS storage system, related to improper code generation management, allows a attacker to execute arbitrary commands with root privileges.

The vulnerability of the OceanStor UDS storage system is related to incorrect code generation management. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary code with root privileges, using a specially created UDS patch with custom scripts...

CVE-2015-2252

Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts...

FreeBSD bspatch Utility Remote Code Execution (CVE-2014-9862)

A remote code execution vulnerability has been reported in the bspatch utility in FreeBSD. The vulnerability is due to improper validation on the numbers of bytes to read from diff and extra stream values. A remote attacker can exploit this vulnerability by enticing the target user to download an...

Apple OS X bsdiff Integer Sign Error Vulnerability

Apple OS X is a specialized operating system developed for Mac computers. An integer sign error vulnerability exists in the bspatch.c file in bsdiff used by Apple OS X, which can be exploited by a remote attacker to crash an application or execute arbitrary code by building a special patch file...

DEBIAN-CVE-2014-9862

Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service heap-based buffer overflow via a crafted patch file...

Design/Logic Flaw

Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service heap-based buffer overflow via a crafted patch file...

CVE-2014-9862

Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service heap-based buffer overflow via a crafted patch file...

CVE-2014-9862

Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service heap-based buffer overflow via a crafted patch file...

The vulnerability of the Kubernetes cluster management software allows a hacker to gain access to protected information.

The vulnerability of the software interface of the Kubernetes cluster management server is related to lack of access control. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to protected information using a specially created patch...

PT-2016-1271 · Kubernetes · Kubernetes

Name of the Vulnerable Software and Affected Versions: Kubernetes affected versions not specified Description: The issue is related to insufficient access control in the Kubernetes API server, allowing remote authenticated users to access additional resources by crafting a patched object. This ca...

OpenBSD patch arbitrary command execution vulnerability

OpenBSD is a BSD-based operating system. OpenBSD fails to properly filter filter input patch streams, allowing a remote attacker to create specially crafted patch files that the target user processes and can run arbitrary commands...

patch: multiple issues

CVE-2015-1196 directory traversal A directory traversal flaw was discovered that allows remote attackers to write to arbitrary files via a symlink attack in a patch file. This could allow an attacker to overwrite arbitrary files by applying a specially crafted patch, with the privileges of the...