Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/patch@2.8-2?distro=trixie
Typedeb
Namespacedebian
Namepatch
Version2.8-2
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-1pm2-zhtr-yqda
vulnerability_id VCID-1pm2-zhtr-yqda
summary A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1396.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1396.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-1396
reference_id
reference_type
scores
0
value 0.03663
scoring_system epss
scoring_elements 0.88096
published_at 2026-06-04T12:55:00Z
1
value 0.03663
scoring_system epss
scoring_elements 0.88117
published_at 2026-06-05T12:55:00Z
2
value 0.03663
scoring_system epss
scoring_elements 0.8812
published_at 2026-06-06T12:55:00Z
3
value 0.03663
scoring_system epss
scoring_elements 0.88119
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-1396
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1396
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1396
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1186764
reference_id 1186764
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1186764
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775901
reference_id 775901
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775901
5
reference_url https://usn.ubuntu.com/2651-1/
reference_id USN-2651-1
reference_type
scores
url https://usn.ubuntu.com/2651-1/
fixed_packages
0
url pkg:deb/debian/patch@2.7.3-1?distro=trixie
purl pkg:deb/debian/patch@2.7.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.3-1%3Fdistro=trixie
1
url pkg:deb/debian/patch@2.7.6-7?distro=trixie
purl pkg:deb/debian/patch@2.7.6-7?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-7%3Fdistro=trixie
2
url pkg:deb/debian/patch@2.8-2?distro=trixie
purl pkg:deb/debian/patch@2.8-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.8-2%3Fdistro=trixie
aliases CVE-2015-1396
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1pm2-zhtr-yqda
1
url VCID-6e5u-5bt9-kbdu
vulnerability_id VCID-6e5u-5bt9-kbdu
summary GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vulnerability in the function another_hunk in pch.c that can cause a denial of service via a crafted patch file. NOTE: this issue exists because of an incomplete fix for CVE-2018-6952.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20633.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20633.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-20633
reference_id
reference_type
scores
0
value 0.00115
scoring_system epss
scoring_elements 0.2974
published_at 2026-06-04T12:55:00Z
1
value 0.00115
scoring_system epss
scoring_elements 0.29808
published_at 2026-06-05T12:55:00Z
2
value 0.00115
scoring_system epss
scoring_elements 0.29771
published_at 2026-06-06T12:55:00Z
3
value 0.00115
scoring_system epss
scoring_elements 0.29739
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-20633
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1818934
reference_id 1818934
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1818934
fixed_packages
0
url pkg:deb/debian/patch@0?distro=trixie
purl pkg:deb/debian/patch@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@0%3Fdistro=trixie
1
url pkg:deb/debian/patch@2.7.6-7?distro=trixie
purl pkg:deb/debian/patch@2.7.6-7?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-7%3Fdistro=trixie
2
url pkg:deb/debian/patch@2.8-2?distro=trixie
purl pkg:deb/debian/patch@2.8-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.8-2%3Fdistro=trixie
aliases CVE-2019-20633
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6e5u-5bt9-kbdu
2
url VCID-8q8b-ycpu-e3ea
vulnerability_id VCID-8q8b-ycpu-e3ea
summary Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1395.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1395.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-1395
reference_id
reference_type
scores
0
value 0.04141
scoring_system epss
scoring_elements 0.88847
published_at 2026-06-04T12:55:00Z
1
value 0.04141
scoring_system epss
scoring_elements 0.88864
published_at 2026-06-06T12:55:00Z
2
value 0.04141
scoring_system epss
scoring_elements 0.88862
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-1395
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1395
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1395
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1184490
reference_id 1184490
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1184490
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775873
reference_id 775873
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775873
5
reference_url https://usn.ubuntu.com/2651-1/
reference_id USN-2651-1
reference_type
scores
url https://usn.ubuntu.com/2651-1/
fixed_packages
0
url pkg:deb/debian/patch@2.7.3-1?distro=trixie
purl pkg:deb/debian/patch@2.7.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.3-1%3Fdistro=trixie
1
url pkg:deb/debian/patch@2.7.6-7?distro=trixie
purl pkg:deb/debian/patch@2.7.6-7?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-7%3Fdistro=trixie
2
url pkg:deb/debian/patch@2.8-2?distro=trixie
purl pkg:deb/debian/patch@2.8-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.8-2%3Fdistro=trixie
aliases CVE-2015-1395
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8q8b-ycpu-e3ea
3
url VCID-e8dg-1v5z-9fc4
vulnerability_id VCID-e8dg-1v5z-9fc4
summary Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-1416
reference_id
reference_type
scores
0
value 0.00878
scoring_system epss
scoring_elements 0.75679
published_at 2026-06-04T12:55:00Z
1
value 0.00878
scoring_system epss
scoring_elements 0.75706
published_at 2026-06-05T12:55:00Z
2
value 0.00878
scoring_system epss
scoring_elements 0.75703
published_at 2026-06-06T12:55:00Z
3
value 0.00878
scoring_system epss
scoring_elements 0.75693
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-1416
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1416
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1416
fixed_packages
0
url pkg:deb/debian/patch@2.5-1?distro=trixie
purl pkg:deb/debian/patch@2.5-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.5-1%3Fdistro=trixie
1
url pkg:deb/debian/patch@2.7.6-7?distro=trixie
purl pkg:deb/debian/patch@2.7.6-7?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-7%3Fdistro=trixie
2
url pkg:deb/debian/patch@2.8-2?distro=trixie
purl pkg:deb/debian/patch@2.8-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.8-2%3Fdistro=trixie
aliases CVE-2015-1416
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e8dg-1v5z-9fc4
4
url VCID-fuan-yz1a-jbej
vulnerability_id VCID-fuan-yz1a-jbej
summary multiple issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000156.json
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000156.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1000156
reference_id
reference_type
scores
0
value 0.36762
scoring_system epss
scoring_elements 0.97233
published_at 2026-06-05T12:55:00Z
1
value 0.36762
scoring_system epss
scoring_elements 0.97236
published_at 2026-06-07T12:55:00Z
2
value 0.36762
scoring_system epss
scoring_elements 0.97229
published_at 2026-06-04T12:55:00Z
3
value 0.36762
scoring_system epss
scoring_elements 0.97235
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1000156
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000156
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000156
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1564326
reference_id 1564326
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1564326
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894993
reference_id 894993
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894993
6
reference_url https://security.archlinux.org/ASA-201810-8
reference_id ASA-201810-8
reference_type
scores
url https://security.archlinux.org/ASA-201810-8
7
reference_url https://security.archlinux.org/ASA-201811-14
reference_id ASA-201811-14
reference_type
scores
url https://security.archlinux.org/ASA-201811-14
8
reference_url https://security.archlinux.org/AVG-619
reference_id AVG-619
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-619
9
reference_url https://security.archlinux.org/AVG-808
reference_id AVG-808
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-808
10
reference_url https://security.gentoo.org/glsa/201904-17
reference_id GLSA-201904-17
reference_type
scores
url https://security.gentoo.org/glsa/201904-17
11
reference_url https://access.redhat.com/errata/RHSA-2018:1199
reference_id RHSA-2018:1199
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:1199
12
reference_url https://access.redhat.com/errata/RHSA-2018:1200
reference_id RHSA-2018:1200
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:1200
13
reference_url https://access.redhat.com/errata/RHSA-2018:2091
reference_id RHSA-2018:2091
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2091
14
reference_url https://access.redhat.com/errata/RHSA-2018:2092
reference_id RHSA-2018:2092
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2092
15
reference_url https://access.redhat.com/errata/RHSA-2018:2093
reference_id RHSA-2018:2093
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2093
16
reference_url https://access.redhat.com/errata/RHSA-2018:2094
reference_id RHSA-2018:2094
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2094
17
reference_url https://access.redhat.com/errata/RHSA-2018:2095
reference_id RHSA-2018:2095
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2095
18
reference_url https://access.redhat.com/errata/RHSA-2018:2096
reference_id RHSA-2018:2096
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2096
19
reference_url https://access.redhat.com/errata/RHSA-2018:2097
reference_id RHSA-2018:2097
reference_type
scores
url https://access.redhat.com/errata/RHSA-2018:2097
20
reference_url https://usn.ubuntu.com/3624-1/
reference_id USN-3624-1
reference_type
scores
url https://usn.ubuntu.com/3624-1/
21
reference_url https://usn.ubuntu.com/3624-2/
reference_id USN-3624-2
reference_type
scores
url https://usn.ubuntu.com/3624-2/
fixed_packages
0
url pkg:deb/debian/patch@2.7.6-2?distro=trixie
purl pkg:deb/debian/patch@2.7.6-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-2%3Fdistro=trixie
1
url pkg:deb/debian/patch@2.7.6-7?distro=trixie
purl pkg:deb/debian/patch@2.7.6-7?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-7%3Fdistro=trixie
2
url pkg:deb/debian/patch@2.8-2?distro=trixie
purl pkg:deb/debian/patch@2.8-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.8-2%3Fdistro=trixie
aliases CVE-2018-1000156
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fuan-yz1a-jbej
5
url VCID-kxps-vxqz-wqfq
vulnerability_id VCID-kxps-vxqz-wqfq
summary In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13636.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13636.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-13636
reference_id
reference_type
scores
0
value 0.04327
scoring_system epss
scoring_elements 0.89094
published_at 2026-06-04T12:55:00Z
1
value 0.04327
scoring_system epss
scoring_elements 0.89111
published_at 2026-06-07T12:55:00Z
2
value 0.04327
scoring_system epss
scoring_elements 0.89112
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-13636
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20969
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20969
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13636
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13636
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13638
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13638
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1732781
reference_id 1732781
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1732781
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932401
reference_id 932401
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932401
8
reference_url https://security.gentoo.org/glsa/201908-22
reference_id GLSA-201908-22
reference_type
scores
url https://security.gentoo.org/glsa/201908-22
9
reference_url https://access.redhat.com/errata/RHSA-2020:1852
reference_id RHSA-2020:1852
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1852
10
reference_url https://usn.ubuntu.com/4071-1/
reference_id USN-4071-1
reference_type
scores
url https://usn.ubuntu.com/4071-1/
11
reference_url https://usn.ubuntu.com/4071-2/
reference_id USN-4071-2
reference_type
scores
url https://usn.ubuntu.com/4071-2/
fixed_packages
0
url pkg:deb/debian/patch@2.7.6-5?distro=trixie
purl pkg:deb/debian/patch@2.7.6-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-5%3Fdistro=trixie
1
url pkg:deb/debian/patch@2.7.6-7?distro=trixie
purl pkg:deb/debian/patch@2.7.6-7?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-7%3Fdistro=trixie
2
url pkg:deb/debian/patch@2.8-2?distro=trixie
purl pkg:deb/debian/patch@2.8-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.8-2%3Fdistro=trixie
aliases CVE-2019-13636
risk_score 2.6
exploitability 0.5
weighted_severity 5.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kxps-vxqz-wqfq
6
url VCID-mfsr-c5z2-hfh4
vulnerability_id VCID-mfsr-c5z2-hfh4
summary GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13638.json
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13638.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-13638
reference_id
reference_type
scores
0
value 0.0205
scoring_system epss
scoring_elements 0.84188
published_at 2026-06-04T12:55:00Z
1
value 0.0205
scoring_system epss
scoring_elements 0.84212
published_at 2026-06-05T12:55:00Z
2
value 0.0205
scoring_system epss
scoring_elements 0.84215
published_at 2026-06-06T12:55:00Z
3
value 0.0205
scoring_system epss
scoring_elements 0.84209
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-13638
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20969
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20969
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13636
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13636
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13638
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13638
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1733916
reference_id 1733916
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1733916
7
reference_url https://security.gentoo.org/glsa/201908-22
reference_id GLSA-201908-22
reference_type
scores
url https://security.gentoo.org/glsa/201908-22
8
reference_url https://access.redhat.com/errata/RHSA-2019:2798
reference_id RHSA-2019:2798
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2798
9
reference_url https://access.redhat.com/errata/RHSA-2019:2964
reference_id RHSA-2019:2964
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2964
10
reference_url https://access.redhat.com/errata/RHSA-2019:3757
reference_id RHSA-2019:3757
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3757
11
reference_url https://access.redhat.com/errata/RHSA-2019:3758
reference_id RHSA-2019:3758
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3758
12
reference_url https://access.redhat.com/errata/RHSA-2019:4061
reference_id RHSA-2019:4061
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:4061
13
reference_url https://usn.ubuntu.com/4071-1/
reference_id USN-4071-1
reference_type
scores
url https://usn.ubuntu.com/4071-1/
14
reference_url https://usn.ubuntu.com/4071-2/
reference_id USN-4071-2
reference_type
scores
url https://usn.ubuntu.com/4071-2/
fixed_packages
0
url pkg:deb/debian/patch@2.7.6-5?distro=trixie
purl pkg:deb/debian/patch@2.7.6-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-5%3Fdistro=trixie
1
url pkg:deb/debian/patch@2.7.6-7?distro=trixie
purl pkg:deb/debian/patch@2.7.6-7?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-7%3Fdistro=trixie
2
url pkg:deb/debian/patch@2.8-2?distro=trixie
purl pkg:deb/debian/patch@2.8-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.8-2%3Fdistro=trixie
aliases CVE-2019-13638
risk_score 3.5
exploitability 0.5
weighted_severity 7.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mfsr-c5z2-hfh4
7
url VCID-qp3r-313a-juev
vulnerability_id VCID-qp3r-313a-juev
summary GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1196.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1196.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-1196
reference_id
reference_type
scores
0
value 0.00853
scoring_system epss
scoring_elements 0.75278
published_at 2026-06-04T12:55:00Z
1
value 0.00853
scoring_system epss
scoring_elements 0.75308
published_at 2026-06-05T12:55:00Z
2
value 0.00853
scoring_system epss
scoring_elements 0.75311
published_at 2026-06-06T12:55:00Z
3
value 0.00853
scoring_system epss
scoring_elements 0.75303
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-1196
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1196
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1196
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1182154
reference_id 1182154
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1182154
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227
reference_id 775227
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227
5
reference_url https://usn.ubuntu.com/2651-1/
reference_id USN-2651-1
reference_type
scores
url https://usn.ubuntu.com/2651-1/
fixed_packages
0
url pkg:deb/debian/patch@2.7.1-7?distro=trixie
purl pkg:deb/debian/patch@2.7.1-7?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.1-7%3Fdistro=trixie
1
url pkg:deb/debian/patch@2.7.6-7?distro=trixie
purl pkg:deb/debian/patch@2.7.6-7?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-7%3Fdistro=trixie
2
url pkg:deb/debian/patch@2.8-2?distro=trixie
purl pkg:deb/debian/patch@2.8-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.8-2%3Fdistro=trixie
aliases CVE-2015-1196
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qp3r-313a-juev
8
url VCID-t9q9-5hw4-73cs
vulnerability_id VCID-t9q9-5hw4-73cs
summary An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10713.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10713.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-10713
reference_id
reference_type
scores
0
value 0.00526
scoring_system epss
scoring_elements 0.67425
published_at 2026-06-06T12:55:00Z
1
value 0.00526
scoring_system epss
scoring_elements 0.67414
published_at 2026-06-07T12:55:00Z
2
value 0.00526
scoring_system epss
scoring_elements 0.67377
published_at 2026-06-04T12:55:00Z
3
value 0.00526
scoring_system epss
scoring_elements 0.67418
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-10713
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10713
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10713
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1545405
reference_id 1545405
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1545405
5
reference_url https://security.archlinux.org/AVG-618
reference_id AVG-618
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-618
6
reference_url https://access.redhat.com/errata/RHSA-2019:2033
reference_id RHSA-2019:2033
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2033
7
reference_url https://usn.ubuntu.com/3624-1/
reference_id USN-3624-1
reference_type
scores
url https://usn.ubuntu.com/3624-1/
8
reference_url https://usn.ubuntu.com/3624-2/
reference_id USN-3624-2
reference_type
scores
url https://usn.ubuntu.com/3624-2/
fixed_packages
0
url pkg:deb/debian/patch@2.7.6-1?distro=trixie
purl pkg:deb/debian/patch@2.7.6-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-1%3Fdistro=trixie
1
url pkg:deb/debian/patch@2.7.6-7?distro=trixie
purl pkg:deb/debian/patch@2.7.6-7?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-7%3Fdistro=trixie
2
url pkg:deb/debian/patch@2.8-2?distro=trixie
purl pkg:deb/debian/patch@2.8-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.8-2%3Fdistro=trixie
aliases CVE-2016-10713
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t9q9-5hw4-73cs
9
url VCID-uqw2-mt6f-quc1
vulnerability_id VCID-uqw2-mt6f-quc1
summary GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9637.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9637.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2014-9637
reference_id
reference_type
scores
0
value 0.00319
scoring_system epss
scoring_elements 0.55292
published_at 2026-06-04T12:55:00Z
1
value 0.00362
scoring_system epss
scoring_elements 0.58627
published_at 2026-06-07T12:55:00Z
2
value 0.00362
scoring_system epss
scoring_elements 0.58634
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2014-9637
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9637
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9637
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1185262
reference_id 1185262
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1185262
4
reference_url https://usn.ubuntu.com/2651-1/
reference_id USN-2651-1
reference_type
scores
url https://usn.ubuntu.com/2651-1/
fixed_packages
0
url pkg:deb/debian/patch@2.7.1-7?distro=trixie
purl pkg:deb/debian/patch@2.7.1-7?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.1-7%3Fdistro=trixie
1
url pkg:deb/debian/patch@2.7.6-7?distro=trixie
purl pkg:deb/debian/patch@2.7.6-7?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-7%3Fdistro=trixie
2
url pkg:deb/debian/patch@2.8-2?distro=trixie
purl pkg:deb/debian/patch@2.8-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.8-2%3Fdistro=trixie
aliases CVE-2014-9637
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uqw2-mt6f-quc1
10
url VCID-ycqe-xdf8-x3du
vulnerability_id VCID-ycqe-xdf8-x3du
summary do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20969.json
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20969.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-20969
reference_id
reference_type
scores
0
value 0.00364
scoring_system epss
scoring_elements 0.58773
published_at 2026-06-04T12:55:00Z
1
value 0.00364
scoring_system epss
scoring_elements 0.5882
published_at 2026-06-05T12:55:00Z
2
value 0.00364
scoring_system epss
scoring_elements 0.58825
published_at 2026-06-06T12:55:00Z
3
value 0.00364
scoring_system epss
scoring_elements 0.58817
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-20969
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20969
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20969
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13636
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13636
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13638
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13638
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1746672
reference_id 1746672
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1746672
6
reference_url https://access.redhat.com/errata/RHSA-2019:2798
reference_id RHSA-2019:2798
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2798
7
reference_url https://access.redhat.com/errata/RHSA-2019:2964
reference_id RHSA-2019:2964
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:2964
8
reference_url https://access.redhat.com/errata/RHSA-2019:3757
reference_id RHSA-2019:3757
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3757
9
reference_url https://access.redhat.com/errata/RHSA-2019:3758
reference_id RHSA-2019:3758
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3758
10
reference_url https://access.redhat.com/errata/RHSA-2019:4061
reference_id RHSA-2019:4061
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:4061
fixed_packages
0
url pkg:deb/debian/patch@2.7.6-5?distro=trixie
purl pkg:deb/debian/patch@2.7.6-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-5%3Fdistro=trixie
1
url pkg:deb/debian/patch@2.7.6-7?distro=trixie
purl pkg:deb/debian/patch@2.7.6-7?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.7.6-7%3Fdistro=trixie
2
url pkg:deb/debian/patch@2.8-2?distro=trixie
purl pkg:deb/debian/patch@2.8-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.8-2%3Fdistro=trixie
aliases CVE-2018-20969
risk_score 3.5
exploitability 0.5
weighted_severity 7.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ycqe-xdf8-x3du
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/patch@2.8-2%3Fdistro=trixie