Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnu patch vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2015-1396
A Directory Traversal vulnerability exists in the GNU patch prior to 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196.
Gnu Patch
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
5.8
CVSSv2
CVE-2022-29458
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
Gnu Ncurses 6.3
Gnu Ncurses
Apple Macos
Debian Debian Linux 10.0
5.8
CVSSv2
CVE-2019-13636
In GNU patch up to and including 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.
Gnu Patch
1 Github repository
5.8
CVSSv2
CVE-2010-4651
Directory traversal vulnerability in util.c in GNU patch 2.6.1 and previous versions allows user-assisted remote malicious users to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679.
Gnu Gnu Patch
Gnu Gnu Patch 2.6
Gnu Gnu Patch 2.5
Gnu Gnu Patch 2.5.9
Gnu Gnu Patch 2.5.4
5
CVSSv2
CVE-2018-6951
An issue exists in GNU patch up to and including 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.
Gnu Patch
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 17.10
5
CVSSv2
CVE-2018-6952
A double free exists in the another_hunk function in pch.c in GNU patch up to and including 2.7.6.
Gnu Patch
1 Github repository
5
CVSSv2
CVE-2010-4695
A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as distributed in gif2png-2.5.1-1200.fc12 on Fedora 12 and gif2png_2.5.2-1 on Debian GNU/Linux, truncates a GIF pathname specified on the command line, which might allow remote malicious users to create PNG files in...
Catb Gif2png 2.5.2
Catb Gif2png 2.5.1
5
CVSSv2
CVE-2005-4347
The Linux 2.4 kernel patch in kernel-patch-vserver prior to 1.9.5.5 and 2.x prior to 2.3 for Debian GNU/Linux does not correctly set the "chroot barrier" with util-vserver, which allows malicious users to access files on the host system that are outside of the vserver.
Debian Kernel-patch-vserver
Debian Debian Linux 3.0
Debian Debian Linux 3.1
5
CVSSv2
CVE-2005-0080
The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote malicious users to determine the list membership for a given e-mail address.
Gnu Mailman 2.1.5
Ubuntu Ubuntu Linux 4.10
4.6
CVSSv2
CVE-2012-3410
Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash prior to 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix.
Gnu Bash 4.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »