10 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-52138
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve...
Important: engrampa
Issue Overview: Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution RCE on the target. While handling CPIO archives, the Engrampa Archive manager follows symlin...
Amazon Linux 2 : engrampa (ALASMATE-DESKTOP1.X-2024-008)
The version of engrampa installed on the remote host is prior to 1.24.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2MATE-DESKTOP1.X-2024-008 advisory. Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal...
[SECURITY] [DLA 3741-1] engrampa security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3741-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz February 26, 2024 https://wiki.debian.org/LTS -...
Debian dla-3741 : engrampa - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3741 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3741-1 [email protected] https://www.debian.org/lts/security/...
Debian dsa-5625 : engrampa - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5625 advisory. - Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full...
[SECURITY] [DSA 5625-1] engrampa security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5625-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 16, 2024 https://www.debian.org/security/faq -...
Fedora: Security Advisory (FEDORA-2024-23085d548c)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-52138
Summary: CVE-2023-52138 affects Engrampa (MATE archive manager). The vulnerability arises in handling of CPIO archives where symlinks are followed and the archiver does not validate symlink targets, enabling a path traversal that can lead to arbitrary file writes and full Remote Command Execution...
CVE-2023-52138 Path traversal via crafted cpio archives in Engrampa archivers
Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution RCE on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by defau...