
CVE-2014-9637 – Mandriva Linux Security Advisory 2015-138
https://notcve.org/view.php?id=CVE-2014-9637
02 Mar 2015 — GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. Jakub Wilk discovered that GNU patch did not correctly handle file paths in patch files. An attacker could specially craft a patch file that could overwrite arbitrary files with the p... • http://advisories.mageia.org/MGASA-2015-0068.html • CWE-399: Resource Management Errors

CVE-2015-1395 – Mandriva Linux Security Advisory 2015-138
https://notcve.org/view.php?id=CVE-2015-1395
02 Mar 2015 — Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name. ... • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2015-1196 – Mandriva Linux Security Advisory 2015-138
https://notcve.org/view.php?id=CVE-2015-1196
21 Jan 2015 — GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. Jakub Wilk discovered that GNU patch did not correctly handle file paths in patch files. An attacker could specially craft a patch file that could overwrite arbitrary files with the privileges of the user invoking the program. This issue only affected Ubu... • http://git.savannah.gnu.org/cgit/patch.git/commit/?id=4e9269a5fc1fe80a1095a92593dd85db871e1fd3 • CWE-59: Improper Link Resolution Before File Access ('Link Following')