123 matches found
CVE-2026-56288
GNU patch is vulnerable to a NULL pointer dereference when processing a specially crafted unified-diff patch file. Improper handling of consecutive end-of-file newline markers can corrupt internal hunk single block of changes in diff data structures, causing the application to pass a NULL pointer...
CVE-2026-50015
A flaw was found in pnpm. An attacker can exploit this by contributing a malicious patch file through a pull request. During the pnpm install process, the patch application pipeline fails to validate file paths extracted from these patch files. This allows the attacker to write or delete arbitrar...
EUVD-2026-39492
pnpm Vulnerable to Arbitrary File Write/Delete via Malicious Patch File Path Traversal...
CVE-2026-50015
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's patch application pipeline @pnpm/patch-package performs no path validation on file paths extracted from .patch files. An attacker who contributes a malicious patch file via a pull request can write attacker-controlled content to or...
CVE-2026-50015 pnpm: Arbitrary File Write/Delete via Malicious Patch File (Path Traversal)
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's patch application pipeline @pnpm/patch-package performs no path validation on file paths extracted from .patch files. An attacker who contributes a malicious patch file via a pull request can write attacker-controlled content to or...
CVE-2026-50015
CVE-2026-50015 affects the pnpm package manager via its patch application pipeline (@pnpm/patch-package). The vulnerability arises because, prior to 10.34.0 and 11.4.0, patch file diff headers can contain traversals like ../../, and the pipeline performs no path validation on file paths extracted...
CVE-2026-39199
snes9x 1.63 allows an out-of-bounds write and denial of service via a crafted .ups file...
CVE-2026-39199
The CVE-2026-39199 entry affects snes9x 1.63 and describes an out-of-bounds write that leads to a denial of service when processing a crafted .ups patch file. The vulnerability is tied to the emulator’s handling of UP.patch data, causing a crash (DoS) when a malicious or malformed patch is loaded...
SUSE-SU-2026:1519-1 Security update 5.1.3 for Multi-Linux Manager Client Tools
This update fixes the following issues: golang-github-lusitaniae-apacheexporter: - Internal changes to fix build issues with no impact for customers spacecmd: - Version 5.1.13-0 Updated translation strings uyuni-tools: - Version 5.1.26-0 Fixed applying PTF with images from RPMs bsc1252548 Ssl Key...
CVE-2025-63910
An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted patch file...
CVE-2025-63910
An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted patch file...
CVE-2025-63910
An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted patch file...
Cohesity TranZman 安全漏洞
Cohesity TranZman is a data migration and recovery software developed by Cohesity Corporation. Version 4.0 Build 14614 of Cohesity TranZman contains a security vulnerability. This vulnerability arises from the upload of any file with authenticated access, potentially allowing attackers with...
CVE-2025-63910
An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted patch file...
CLSA-2026-1770909956 Fix CVE(s): CVE-2026-23876
SECURITY UPDATE: out of bounds write vulnerability in XBM decoder - debian/patches/CVE-2026-23876.patch: add overflow checks to prevent out of bounds write in coders/xbm.c - CVE-2026-23876...
CVE-2026-25143 melange affected by potential host command execution via license-check YAML mode patch pipeline
melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds...
CLSA-2026-1770040871 Fix CVE(s): CVE-2023-4781
Fix CVE-2023-4781.patch - debian/patches/CVE-2023-4781.patch: patch winexchange instead of winrotate...
CLSA-2026-1768989383 Fix CVE(s): CVE-2025-68973
SECURITY UPDATE: Possible memory corruption in the armor parser - debian/patches/CVE-2025-68973.patch: fix faulty double increment - CVE-2025-68973...
CLSA-2026-1768300849 Fix CVE(s): CVE-2024-50349
SECURITY UPDATE: improper encoding or escaping of credential handling - debian/patches/CVE-2024-50349.patch: fix ANSI escape sequence vulnerability that occurs when asking for credentials interactively - CVE-2024-50349...
CLSA-2026-1768224866 Fix CVE(s): CVE-2025-58436
SECURITY UPDATE: Possible DoS attack caused by a slow client communication - debian/patches/CVE-2025-58436.patch: fix unresponsive cupsd process caused by a slow client - CVE-2025-58436...