Page 3 of 14 results (0.012 seconds)

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0

Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name. Una vulnerabilidad de salto de directorio en GNU en versiones de parche que soportan parcheo Git-style en versiones anteriores a la 2.7.3 permite que atacantes remotos escriban en archivos arbitrarios con los permisos del usuario objetivo mediante un ".." (dot dot) en el nombre de un archivo diff. • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148953.html http://www.openwall.com/lists/oss-security/2015/01/27/28 http://www.securityfocus.com/bid/72846 http://www.ubuntu.com/usn/USN-2651-1 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775873 https://bugzilla.redhat.com/show_bug.cgi?id=1184490 https://git.savannah.gnu.org/cgit/patch.git/commit/?id=17953b5893f7c9835f0dd2a704 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.1EPSS: 1%CPEs: 7EXPL: 0

GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file. GNU parche 2.7.2 y anteriores permite que atacantes remotos provoquen una denegación de servicio (consumo de memoria y error de segmentación) mediante un archivo diff manipulado. • http://advisories.mageia.org/MGASA-2015-0068.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148953.html http://www.openwall.com/lists/oss-security/2015/01/22/7 http://www.securityfocus.com/bid/72286 http://www.ubuntu.com/usn/USN-2651-1 https://bugzilla.redhat.com/show_bug.cgi?id=1185262 https://git.savannah.gnu.org/cgit/patch.git/commit/?id=0c08d7a902c6fdd49b704623a12d8d672ef18944 • CWE-399: Resource Management Errors •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 1

GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. El parche de GNU 2.7.1 permite a atacantes remotos escribir a ficheros arbitrarios a través de un ataque de enlace simbólico en un fichero del parche. • http://git.savannah.gnu.org/cgit/patch.git/commit/?id=4e9269a5fc1fe80a1095a92593dd85db871e1fd3 http://lists.opensuse.org/opensuse-updates/2015-02/msg00013.html http://seclists.org/oss-sec/2015/q1/173 http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html http://www.securityfocus.com/bid/72074 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227 https://bugzilla.redhat.com/show_bug.cgi?id=1182154 https://exchange.xforce.ibmcloud.com/vulnerabilities/99967 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 5.8EPSS: 0%CPEs: 5EXPL: 0

Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679. Vulnerabilidad de salto de directorio en util.c en el parche GNU v2.6.1 y anteriores, permite a atacantes remotos asistidos por el usuario crear o sobreescribir archivos de su elección a través de un nombre de archivo que se especifica con un .. (punto punto) o la ruta completa, un problema relacionado con CVE-2010-1679. • http://git.savannah.gnu.org/cgit/patch.git/commit/?id=685a78b6052f4df6eac6d625a545cfb54a6ac0e1 http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055241.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055246.html http://lists.gnu.org/archive/html/bug-patch/2010-12/msg00000.html http://openwall.com/lists/oss-security/2011/01/05/10 http://openwall.com/lists/oss-security/2011/01& • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •