57 matches found
GNU patch denial of service vulnerability
GNU patch is a set of tools used by the GNU community to generate patch files. GNU patch has a denial of service vulnerability in version 2.7, which stems from the existence of an invalid pointer to the Otherhunk function, which can be exploited to cause a denial of service...
Cross-Site Scripting in yui
Affected versions of yui are vulnerable to cross-site scripting in the uploader.swf and io.swf utilities, via script injection in the url. Recommendation YUI has published their recommendation to fix this issue. Their recommendation is to: - Delete self-hosted copies of these files if you are not...
CVE-2020-3924
DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET do not properly verify patch files. Attackers can inject a specific command into a patch file and gain access to the system...
Design/Logic Flaw
DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET do not properly verify patch files. Attackers can inject a specific command into a patch file and gain access to the system...
CVE-2020-3924
CVE-2020-3924 concerns TONNET DVR firmware for the TAT-76 and TAT-77 series, where patch files are not properly verified. The vulnerability enables an attacker to inject a specific command into a patch file and gain access to the system. The available documents do not provide exploitation details...
patch: OS shell command injection when processing crafted patch files
A flaw was found in GNU patch through version 2.7.6. An ed-style diff payload patch file with shell metacharacters can be used to inject OS shell commands into a system. The ed editor does not need to be present on the vulnerable system for this attack to function. The highest threat from this...
patch: OS shell command injection when processing crafted patch files
A flaw was found in GNU patch through version 2.7.6. An ed-style diff payload patch file with shell metacharacters can be used to inject OS shell commands into a system. The ed editor does not need to be present on the vulnerable system for this attack to function. The highest threat from this...
NewStart CGSL CORE 5.04 / MAIN 5.04 : patch Vulnerability (NS-SA-2019-0029)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has patch packages installed that are affected by a vulnerability: - GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result ...
patch: Out-of-bounds access in pch_write_line function in pch.c
A heap-based out-of-bounds read flaw was found in the way the patch utility parsed patch files. An attacker could potentially use this flaw to crash the patch utility by tricking it into processing crafted patch files...
patch: Malicious patch files cause ed to execute arbitrary commands
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...
patch: Malicious patch files cause ed to execute arbitrary commands
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...
Important: Red Hat Security Advisory: patch security update
An update for patch is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base...
Important: Red Hat Security Advisory: patch security update
An update for patch is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact...
Important: Red Hat Security Advisory: patch security update
An update for patch is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Important: patch
Issue Overview: Malicious patch files cause ed to execute arbitrary commands GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appear to be exploitable via a...
Important: patch
Issue Overview: Malicious patch files cause ed to execute arbitrary commands GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appear to be exploitable via a...
SUSE-SU-2018:1162-1 Security update for patch
This update for patch fixes several issues. These security issues were fixed: - CVE-2018-1000156: patch: Malicious patch files cause ed to execute arbitrary commands bsc1088420. - CVE-2014-9637: Prevent DoS by remote attackers memory consumption and segmentation fault via a crafted diff file...
SUSE-SU-2018:1128-1 Security update for patch
This update for patch fixes the following issues: Security issues fixed: - CVE-2018-1000156: Malicious patch files cause ed to execute arbitrary commands bsc1088420. - CVE-2018-6951: Fixed NULL pointer dereference in the intuitdifftype function in pch.c bsc1080918. - CVE-2016-10713: Fixed...
RHEL 6 : patch (RHSA-2018:1199)
The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2018:1199 advisory. The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to...
DEBIAN-CVE-2018-1000156
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...