rpm package
suse/patch&distro=SUSE Linux Enterprise Server for SAP Applications 12
pkg:rpm/suse/patch&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-1396 | — | < 2.7.5-7.1 | 2.7.5-7.1 | Nov 25, 2019 | A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196. | ||
| CVE-2015-1395 | Hig | 7.5 | < 2.7.5-7.1 | 2.7.5-7.1 | Aug 25, 2017 | Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name. | |
| CVE-2015-1196 | — | < 2.7.5-7.1 | 2.7.5-7.1 | Jan 21, 2015 | GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. |
- CVE-2015-1396Nov 25, 2019affected < 2.7.5-7.1fixed 2.7.5-7.1
A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196.
- affected < 2.7.5-7.1fixed 2.7.5-7.1
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.
- CVE-2015-1196Jan 21, 2015affected < 2.7.5-7.1fixed 2.7.5-7.1
GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.