patch: do_ed_script in pch.c does not block strings beginning with a ! character

A flaw was found in GNU patch through version 2.7.6. Strings beginning with a exclamation mark are not blocked by default. When ed receives an exclamation mark-prefixed command line argument, the argument is executed as a shell command. The highest threat from this vulnerability is to data...

USN-4071-2: Patch vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 14.04 Description USN-4071-1 fixed several vulnerabilities in Patch. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that Patch incorrectly handled certain...

strip-curtains.com Open Redirect vulnerability

Security Researcher k0t Helped patch 2130 vulnerabilities Received 9 Coordinated Disclosure badges Received 95 recommendations , a holder of 9 badges for responsible and coordinated disclosure, found a security vulnerability affecting strip-curtains.com website and its users. Following coordinate...

NewStart CGSL MAIN 4.05 : patch Vulnerability (NS-SA-2019-0138)

The remote NewStart CGSL host, running version MAIN 4.05, has patch packages installed that are affected by a vulnerability: - GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code...

AZL-35106 CVE-2019-13638 affecting package patch for versions less than 2.7.6-9

GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156...

ALPINE-CVE-2019-13636

In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c...

Security update for go1.11 (moderate)

openSUSE Security Update: Security update for go1.11 Announcement ID: openSUSE-SU-2019:1164-1 Rating: moderate References: 1123013 Cross-References: CVE-2019-6486 Affected Products: openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Description: This update for go1.11 to...

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private Monitoring

Summary Security Vulnerabilities affect IBM Cloud Private Monitoring Vulnerability Details CVEID: CVE-2018-14618 DESCRIPTION: cURL libcurl is vulnerable to a buffer overflow, caused by an integer overflow flaw in the Curlntlmcoremknthash internal function in the NTLM authentication code. By sendi...

atomic-openshift: oc patch with json causes masterapi service crash

An out of bounds write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform 3.x. An attacker can use this flaw to cause a denial of service attack on the Openshift master API service which provides cluster management...

PT-2018-12628 · Red Hat · Openshift Container Platform

Name of the Vulnerable Software and Affected Versions: OpenShift Container Platform versions prior to 3.7 Description: The issue is related to an out-of-bounds write that can occur when patching an OpenShift object using the oc patch functionality. This can be exploited to cause a denial of servi...

spring-boot: Malicious PATCH requests submitted to servers can use specially crafted JSON data to run arbitrary Java code

Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 Ingalls SR9, versions prior to 3.0.1 Kay SR1 and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code...

RHEL 7 : patch (RHSA-2018:2093)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2018:2093 advisory. The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to...

patch: Malicious patch files cause ed to execute arbitrary commands

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...

patch: Malicious patch files cause ed to execute arbitrary commands

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...

patch: Malicious patch files cause ed to execute arbitrary commands

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...

patch: Malicious patch files cause ed to execute arbitrary commands

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...

EulerOS 2.0 SP2 : patch (EulerOS-SA-2018-1147)

According to the version of the patch package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed ca...

ProjectPier PHP Remote File Inclusion Vulnerability

Project Pier is a free open source project management system . A PHP remote file inclusion vulnerability exists in the public/patch/patch.php file in Project Pier 0.8.8 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary commands or SQL statements with the...

patch: Malicious patch files cause ed to execute arbitrary commands

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...

patch: Malicious patch files cause ed to execute arbitrary commands

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITORPROGRAM invocation using ed can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's...