Lucene search
Arch LinuxASA-201503-22HistoryMar 23, 2015 - 12:00 a.m.
cpio: directory traversal
2015-03-2300:00:00
Arch Linux
lists.archlinux.org
23
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:M/Au:N/C:N/I:P/A:N
0.0004 Low
EPSS
Percentile
8.2%
It was reported that cpio is vulnerable to a directory traversal
vulnerability when using the --no-absolute-filenames option. While
extracting an archive, it will extract symlinks and then follow them if
they are referenced in further entries. This can be exploited by a rogue
archive to write to files outside the current directory.
Related
nessus
nessus
EulerOS Virtualization for ARM 64 3.0.2.0 : cpio (EulerOS-SA-2020-1962)
2020-09-08 00:00:00
Mandriva Linux Security Advisory : cpio (MDVSA-2015:066)
2015-03-30 00:00:00
EulerOS Virtualization 2.10.0 : cpio (EulerOS-SA-2023-3463)
2024-01-16 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for cpio (EulerOS-SA-2024-1425)
2024-03-21 00:00:00
Huawei EulerOS: Security Advisory for cpio (EulerOS-SA-2023-3463)
2023-12-22 00:00:00
Huawei EulerOS: Security Advisory for cpio (EulerOS-SA-2023-3167)
2023-11-10 00:00:00
prion
prion
Code injection
2015-02-19 15:59:00
Path traversal
2024-02-29 01:42:00
debiancve
debiancve
CVE-2015-1197
2015-02-19 15:59:00
CVE-2023-7207
2024-02-29 01:42:59
amazon
amazon
Important: cpio
2024-02-29 10:03:00
Important: cpio
2024-02-28 23:54:00
ubuntucve
ubuntucve
CVE-2015-1197
2015-02-19 00:00:00
CVE-2023-7207
2024-02-29 00:00:00
securityvulns
securityvulns
[ MDVSA-2015:066 ] cpio
2015-04-20 00:00:00
libarchive directory traversal
2015-04-20 00:00:00
alpinelinux
alpinelinux
CVE-2015-1197
2015-02-19 15:59:00
cve
cve
thn
thn
freebsd
freebsd
cpio -- multiple vulnerabilities
2015-03-27 00:00:00
GNU cpio -- multiple vulnerabilities
2019-11-06 00:00:00
mageia
mageia
Updated cpio package fixes security vulnerability
2015-02-19 17:43:07
Updated cpio packages fix security vulnerabilities
2019-11-14 19:58:51
gentoo
gentoo
GNU cpio: Multiple vulnerabilities
2015-02-15 00:00:00
packetstorm
packetstorm
Zimbra Collaboration Suite TAR Path Traversal
2022-10-20 00:00:00
metasploit
metasploit
TAR Path Traversal in Zimbra (CVE-2022-41352)
2022-10-06 17:23:53
zdt
zdt
Zimbra Collaboration Suite TAR Path Traversal Exploit
2022-10-21 00:00:00
ubuntu
ubuntu
GNU cpio vulnerabilities
2016-02-22 00:00:00
securelist
securelist
Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)
2022-10-13 08:00:21
redhatcve
redhatcve
CVE-2023-7207
2024-02-29 08:04:56
CVE-2017-7516
2018-01-29 12:50:11
attackerkb
attackerkb
CVE-2022-41352
2022-09-26 00:00:00
rapid7blog
rapid7blog
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:M/Au:N/C:N/I:P/A:N
0.0004 Low
EPSS
Percentile
8.2%
Related for ASA-201503-22