Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnu patch vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-0687
A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix thi...
Gnu Glibc
9.8
CVSSv3
CVE-2017-8283
dpkg-source in dpkg 1.3.0 up to and including 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote malicious users to conduct directory traversal attacks via a crafted Debian source package, as...
Debian Dpkg 1.18.19
Debian Dpkg 1.18.17
Debian Dpkg 1.18.12
Debian Dpkg 1.18.10
Debian Dpkg 1.18.3
Debian Dpkg 1.18.1
Debian Dpkg 1.17.18
Debian Dpkg 1.17.16
Debian Dpkg 1.17.11
Debian Dpkg 1.17.9
Debian Dpkg 1.17.2
Debian Dpkg 1.17.0
Debian Dpkg 1.16.4.3
Debian Dpkg 1.16.4.1
Debian Dpkg 1.16.1.1
Debian Dpkg 1.16.0.3
Debian Dpkg 1.15.8.7
Debian Dpkg 1.15.8.5
Debian Dpkg 1.15.7.1
Debian Dpkg 1.15.6.1
Debian Dpkg 1.15.5.3
Debian Dpkg 1.15.5.1
8.8
CVSSv3
CVE-2023-4863
Heap buffer overflow in libwebp in Google Chrome before 116.0.5845.187 and libwebp 1.3.2 allowed a remote malicious user to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
Google Chrome
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
Mozilla Firefox
Mozilla Thunderbird
Mozilla Firefox Esr
Microsoft Edge
Webmproject Libwebp
22 Github repositories
5 Articles
7.8
CVSSv3
CVE-2019-18276
An issue exists in disable_priv_mode in shell.c in GNU Bash up to and including 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Lin...
Gnu Bash
Gnu Bash 5.0
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Oncommand Unified Manager
Oracle Communications Cloud Native Core Policy 1.14.0
3 Github repositories
7.8
CVSSv3
CVE-2018-20969
do_ed_script in pch.c in GNU patch up to and including 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.
Gnu Patch
1 Github repository
7.8
CVSSv3
CVE-2019-13638
GNU patch up to and including 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is diff...
Gnu Patch 2.7.6
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 Github repository
7.8
CVSSv3
CVE-2018-20483
set_file_metadata in xattr.c in GNU Wget prior to 1.20.1 stores a file's origin URL in the user.xdg.origin.url metadata attribute of the extended attributes of the downloaded file, which allows local users to obtain sensitive information (e.g., credentials contained in the U...
Gnu Wget
1 Article
7.8
CVSSv3
CVE-2015-1416
Larry Wall's patch; patch in FreeBSD 10.2-RC1 prior to 10.2-RC1-p1, 10.2 prior to 10.2-BETA2-p2, and 10.1 prior to 10.1-RELEASE-p16; Bitrig; GNU patch prior to 2.2.5; and possibly other patch variants allow remote malicious users to execute arbitrary shell commands via a cra...
Freebsd Freebsd 10.1
Freebsd Freebsd 10.0
Freebsd Freebsd 10.2
7.8
CVSSv3
CVE-2015-1418
The do_ed_script function in pch.c in GNU patch up to and including 2.7.6, and patch in FreeBSD 10.1 prior to 10.1-RELEASE-p17, 10.2 prior to 10.2-BETA2-p3, 10.2-RC1 prior to 10.2-RC1-p2, and 0.2-RC2 prior to 10.2-RC2-p1, allows remote malicious users to execute arbitrary command...
Freebsd Freebsd 10.1
Freebsd Freebsd 10.2
7.5
CVSSv3
CVE-2015-1396
A Directory Traversal vulnerability exists in the GNU patch prior to 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196.
Gnu Patch
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »