26 matches found

AstraLinux
added 2026/06/19 11:10 a.m. · 8 views

Astra Linux – Vulnerability in Cpio

Debian’s cpio package contains a path traversal vulnerability. This issue was introduced by reverting the CVE-2015-1197 patches, which caused a regression in the --no-absolute-filenames option. Upstream has since provided a proper fix for this issue...

CVSS 4.9 · AI score 6.1 · EPSS 0.00906
Exploits: 0 · References: 2

Microsoft CVE
added 2025/09/03 9:21 p.m. · 7 views

Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.

...

CVSS 4.9 · AI score 7 · EPSS 0.02906
Exploits: 4

BDU FSTEC
added 2024/09/04 12:0 a.m. · 4 views

The vulnerability in the cpio binary archiver stems from improper limitation of a pathname to a restricted directory, allowing an attacker to cause a denial of service.

The vulnerability of the binary archiver cpio is related to a regression issue when the --no-absolute-filenames parameter is used. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...

CVSS 4 · AI score 5.9 · EPSS 0.00906
Exploits: 0 · References: 6 · Affected Software: 3

OSV
added 2024/04/29 11:23 a.m. · 9 views

USN-6755-1 cpio vulnerabilities

Ingo Brückl discovered that cpio contained a path traversal vulnerability. If a user or automated system were tricked into extracting a specially crafted cpio archive, an attacker could possibly use this issue to write arbitrary files outside the target directory on the host, even if using the...

CVSS 4.9 · AI score 6.2 · EPSS 0.00906
Exploits: 0 · References: 2

Amazon
added 2024/03/05 12:0 a.m. · 5 views

Important: cpio

Issue Overview: cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive (CVE-2015-1197). Affected Packages: cpio. Issue Correction: Run dnf update cpio --releasever 2023.3.20240304 or dnf update --advisory...

CVSS 1.9 · AI score 6.7 · EPSS 0.02906
Exploits: 4

NVD
added 2024/02/29 1:42 a.m. · 28 views

CVE-2023-7207

Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames...

CVSS 4.9 · AI score 5.2 · EPSS 0.00906
Exploits: 0 · References: 5

OSV
added 2024/02/29 1:42 a.m. · 1 view

DEBIAN-CVE-2023-7207

Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames...

CVSS 4.9 · AI score 5.6 · EPSS 0.00906
Exploits: 0 · References: 1

OSV
added 2024/02/29 1:42 a.m. · 7 views

CVE-2023-7207

Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames...

CVSS 4.9 · AI score 5.3 · EPSS 0.00906
Exploits: 0 · References: 5

OSV
added 2024/02/29 1:42 a.m. · 1 view

UBUNTU-CVE-2023-7207

Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames...

CVSS 4.9 · AI score 6.2 · EPSS 0.00906
Exploits: 0 · References: 5

UbuntuCve
added 2024/02/29 1:42 a.m. · 49 views

CVE-2023-7207

Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames...

CVSS 4.9 · AI score 6.3 · EPSS 0.00906
Exploits: 0 · References: 4

Prion
added 2024/02/29 1:42 a.m. · 24 views

Path traversal

Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames...

CVSS 3.3 · AI score 6.8 · EPSS 0.02906
Exploits: 4 · References: 5

SUSE CVE
added 2024/01/06 2:49 a.m. · 3 views

SUSE CVE-2023-7207

Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames...

CVSS 4 · AI score 5.2 · EPSS 0.00906
Exploits: 0 · References: 48

Vulnrichment
added 2024/01/05 12:39 a.m. · 43 views

CVE-2023-7207

Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames...

CVSS 4.9 · AI score 6.7 · EPSS 0.00906
Exploits: 0 · References: 5

UbuntuCve
added 2023/06/19 12:0 a.m. · 28 views

CVE-2023-35852

In Suricata before 6.0.13 when there is an adversary who controls an external source of rules, a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring...

CVSS 7.5 · AI score 7.1 · EPSS 0.01105
Exploits: 0 · References: 5

OSV
added 2023/06/10 11:5 a.m. · 2 views

OESA-2023-1338 cpio security update

GNU cpio copies files into or out of a cpio or tar archive. The archive can be another file on the disk, a magnetic tape, or a pipe. Security Fixes: cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an...

CVSS 1.9 · AI score 6.7 · EPSS 0.02906
Exploits: 4 · References: 2

OSV
added 2023/06/10 11:5 a.m. · 3 views

OESA-2023-1337 cpio security update

GNU cpio copies files into or out of a cpio or tar archive. The archive can be another file on the disk, a magnetic tape, or a pipe. Security Fixes: cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an...

CVSS 1.9 · AI score 6.7 · EPSS 0.02906
Exploits: 4 · References: 2

OSV
added 2023/06/10 11:5 a.m. · 1 view

OESA-2023-1336 cpio security update

GNU cpio copies files into or out of a cpio or tar archive. The archive can be another file on the disk, a magnetic tape, or a pipe. Security Fixes: cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an...

CVSS 1.9 · AI score 6.7 · EPSS 0.02906
Exploits: 4 · References: 2

Positive Technologies
added 2023/04/27 12:0 a.m. · 2 views

PT-2023-9341 · Debian +6 · Cpio +7

Name of the Vulnerable Software and Affected Versions: cpio (affected versions not specified). Description: The issue is related to a path traversal vulnerability in Debian's cpio, which was introduced by reverting patches for a previous issue. This vulnerability is associated with a regression when...

CVSS 7.8 · AI score 6.7 · EPSS 0.0415
Exploits: 2 · References: 68

SUSE CVE
added 2023/02/15 5:22 a.m. · 3 views

SUSE CVE-2015-1197

cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive...

CVSS 1.9 · AI score 6.8 · EPSS 0.02906
Exploits: 4 · References: 4

CNVD
added 2018/01/31 12:0 a.m. · 3 views

cpio security bypass vulnerability

cpio is a set of file backup tools developed by the GNU Project for use in the UNIX operating system and as a file format. The tool supports depositing and reading files from cpio or tar-formatted archive packages. A security vulnerability exists in cpio 2.7 and later versions, which stems from t...

AI score 7
Exploits: 3 · References: 1