cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-45261,https://securityvulnerability.io/vulnerability/CVE-2021-45261,Invalid Pointer Vulnerability in GNU Patch by GNU,"An Invalid Pointer vulnerability exists in GNU Patch 2.7 through the another_hunk function, enabling a malicious actor to trigger a Denial of Service condition. This is caused by improper memory handling, potentially impacting the application's stability and availability.",Gnu,Patch,5.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2021-12-22T17:12:19.000Z,0
CVE-2019-20633,https://securityvulnerability.io/vulnerability/CVE-2019-20633,Double Free Vulnerability in GNU Patch by GNU,"A double free vulnerability exists in the GNU Patch utility, specifically within the 'another_hunk' function in the pch.c file. This flaw can be exploited through a specially crafted patch file, potentially leading to a denial of service. The issue arises due to an incomplete fix for a prior vulnerability, allowing attackers to exploit the system. Users of GNU Patch versions up to 2.7.6 should be aware of this risk and take appropriate measures to safeguard their environments.",Gnu,Patch,5.5,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2020-03-25T16:44:49.000Z,0
CVE-2015-1396,https://securityvulnerability.io/vulnerability/CVE-2015-1396,Directory Traversal Vulnerability in GNU Patch by GNU,"A Directory Traversal vulnerability in GNU Patch before version 2.7.4 permits remote attackers to exploit symlink attacks in patch files, allowing circumvention of file restrictions and writing arbitrary files to the system. This issue stems from an incomplete resolution of a previously identified vulnerability, CVE-2015-1196.",Gnu,Patch,7.5,HIGH,0.08370999991893768,false,,false,false,false,,,false,false,,2019-11-25T15:44:16.000Z,0
CVE-2018-20969,https://securityvulnerability.io/vulnerability/CVE-2018-20969,Command Injection Vulnerability in GNU Patch by GNU Project,"The command injection vulnerability in GNU Patch allows attackers to exploit input strings beginning with a '!' character. This issue affects versions up to 2.7.6, where the handling of the 'ed' command syntax creates a potential for unauthorized command execution. As the vulnerability is tied to the use of specific characters that bypass normal controls, it is crucial for users and administrators to ensure they are using updated and patched versions to mitigate the risk of exploitation.",Gnu,Patch,7.8,HIGH,0.003659999929368496,false,,false,false,false,,,false,false,,2019-08-16T03:36:12.000Z,0
CVE-2019-13638,https://securityvulnerability.io/vulnerability/CVE-2019-13638,OS Command Injection Vulnerability in GNU Patch Software,"GNU Patch, up to version 2.7.6, is susceptible to a vulnerability that allows for OS shell command injection. This can occur when a specially crafted patch file containing an ed-style diff payload with shell metacharacters is opened. Importantly, the 'ed' editor is not required to be present on the system for the exploit to succeed. This security flaw presents critical implications for systems where the patch utility is used, potentially enabling an attacker to execute arbitrary commands within the host environment.",Gnu,Patch,7.8,HIGH,0.04163999855518341,false,,false,false,false,,,false,false,,2019-07-26T12:22:43.000Z,0
CVE-2019-13636,https://securityvulnerability.io/vulnerability/CVE-2019-13636,Symlink Mishandling Vulnerability in GNU Patch Affected by Malicious Input,"In GNU Patch versions up to 2.7.6, a vulnerability exists where symlinks can be mishandled in certain scenarios not limited to input files. This flaw may allow malicious users to exploit the system through directory traversal or command injection techniques, leading to unauthorized actions or access. It's crucial for users of GNU Patch to be aware of this issue and to implement the available security patches to mitigate any potential risks.",Gnu,Patch,5.9,MEDIUM,0.010370000265538692,false,,false,false,false,,,false,false,,2019-07-17T20:04:00.000Z,0
CVE-2018-1000156,https://securityvulnerability.io/vulnerability/CVE-2018-1000156,,"GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.",Gnu,Patch,7.8,HIGH,0.013650000095367432,false,,false,false,false,,,false,false,,2018-04-06T13:00:00.000Z,0
CVE-2018-6951,https://securityvulnerability.io/vulnerability/CVE-2018-6951,,"An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a ""mangled rename"" issue.",Gnu,Patch,7.5,HIGH,0.00925000011920929,false,,false,false,false,,,false,false,,2018-02-13T19:00:00.000Z,0
CVE-2018-6952,https://securityvulnerability.io/vulnerability/CVE-2018-6952,,A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.,Gnu,Patch,7.5,HIGH,0.01737000048160553,false,,false,false,false,,,false,false,,2018-02-13T19:00:00.000Z,0
CVE-2016-10713,https://securityvulnerability.io/vulnerability/CVE-2016-10713,,An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.,Gnu,Patch,5.5,MEDIUM,0.002139999996870756,false,,false,false,false,,,false,false,,2018-02-13T19:00:00.000Z,0
CVE-2010-4651,https://securityvulnerability.io/vulnerability/CVE-2010-4651,,"Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679.",Gnu,Gnu Patch,,,0.005770000163465738,false,,false,false,false,,,false,false,,2011-03-11T22:00:00.000Z,0