27 matches found

AstraLinux · added 2026/06/19 11:10 a.m. · 11 views

Astra Linux – Vulnerability in Cpio

In all versions of cpio before 2.13, input files are not properly validated when generating TAR archives. When cpio is used to create TAR archives from paths that attackers can access, the resulting archive may contain files with permissions that the attacker does not have, or in paths to which t...

CVSS 7.3 · AI score 6.6 · EPSS 0.00686
Exploits 1 · References 2
CVE · added 2026/05/15 7:46 a.m. · 13 views

CVE-2026-6403

The Quick Playground plugin for WordPress (up to version 1.3.3) is vulnerable to a Path Traversal flaw. The root cause is insufficient validation in the qckply_zip_theme() function, which directly appends a user-controlled 'stylesheet' parameter to the theme root directory path without sanitizing...

CVSS 7.5 · AI score 5.9 · EPSS 0.00811
Exploits 0 · References 11
CVE · added 2026/02/06 6:28 p.m. · 15 views

CVE-2026-23989

REVA (OpenCloud Reva component) contains a vulnerability in its GRPC authorization middleware that lets a malicious user bypass the public link scope verification via the archiver service, enabling creation of an archive (zip/tar) containing all resources within the link’s scope. Affected version...

CVSS 8.2 · AI score 5.5 · EPSS 0.00273
Exploits 0 · References 2 · Affected software 1
Vulnrichment · added 2026/02/06 6:28 p.m. · 4 views

CVE-2026-23989 REVA Public Link Exploit

REVA is an interoperability platform. Prior to 2.42.3 and 2.40.3, a bug in the GRPC authorization middleware of the "Reva" component of OpenCloud allows a malicious user to bypass the scope verification of a public link. By exploiting this via the "archiver" service this can be leveraged to...

CVSS 8.2 · AI score 5.5 · EPSS 0.00273
Exploits 0 · References 2
OSV · added 2026/02/06 6:28 p.m. · 8 views

CVE-2026-23989 REVA Public Link Exploit

REVA is an interoperability platform. Prior to 2.42.3 and 2.40.3, a bug in the GRPC authorization middleware of the "Reva" component of OpenCloud allows a malicious user to bypass the scope verification of a public link. By exploiting this via the "archiver" service this can be leveraged to...

CVSS 8.2 · AI score 5.5 · EPSS 0.00273
Exploits 0 · References 4
Github Security Blog · added 2026/02/05 8:32 p.m. · 10 views

OpenCloud Reva has a Public Link Exploit

Impact: A security issue was discovered in Reva-based products that enables a malicious user to bypass the scope validation of a public link, allowing it to access resources outside the scope of a public link. Details: Public link shares in OpenCloud are bound to a specific scope, usually a file or...

CVSS 8.2 · AI score 5.5 · EPSS 0.00273
Exploits 0 · References 4 · Affected software 1
Snyk · added 2025/12/03 8:43 p.m. · 3 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via improper path validation during archive creation. An authenticated attacker can read files and directories outside the intended directory scope by supplying crafted paths during the archiving operation. Detail...

CVSS 7.1 · AI score 7.3 · EPSS 0.00508
Exploits 1 · References 2
EUVD · added 2025/10/07 12:30 a.m. · 10 views

EUVD-2006-1273

Malware in sbrugna...

CVSS 6.2 · AI score 6.1 · EPSS 0.00995
Exploits 2 · References 9
OSSF Malicious Packages · added 2025/04/20 12:5 p.m. · 6 views

Malicious code in pyapiepo (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 69aee56f4c3bce704bc65574959aee0226417e4d6a6e05e662d6fa235c12815f Campaign is split into multiple packages that altogether exfiltrate data from the desktop Telegram application. 1. "pyapiepo" is a cover package that provides som...

AI score 7.1
Exploits 0 · References 1
OSSF Malicious Packages · added 2025/04/20 12:5 p.m. · 3 views

Malicious code in zmaker (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 2f4ac88a121488df2fdfa1cb5409f3443f658a30d679f20acc41dd2c656bd3b8 Campaign is split into multiple packages that altogether exfiltrate data from the desktop Telegram application. 1. "pyapiepo" is a cover package that provides som...

AI score 7.1
Exploits 0 · References 1
OSV · added 2025/04/20 12:5 p.m. · 3 views

MAL-2025-191831 Malicious code in pyapiepo (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 69aee56f4c3bce704bc65574959aee0226417e4d6a6e05e662d6fa235c12815f Campaign is split into multiple packages that altogether exfiltrate data from the desktop Telegram application. 1. "pyapiepo" is a cover package that provides som...

AI score 7
Exploits 0 · References 1
wpexploit · added 2023/06/20 12:0 a.m. · 63 views

3DPrint < 3.5.6.9 - CSRF to arbitrary file download

Description: The plugin does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a logged-in admin into...

CVSS 5.3 · AI score 7.1 · EPSS 0.003
Exploits 2 · References 1
SUSE CVE · added 2023/02/15 6:16 a.m. · 3 views

SUSE CVE-2005-4268

Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service crash and possibly execute arbitrary code via a file whose size is represented by more than 8 digits...

CVSS 3.7 · AI score 7.7 · EPSS 0.00543
Exploits 1 · References 4
SUSE CVE · added 2023/02/15 6:16 a.m. · 2 views

SUSE CVE-2006-1269

Buffer overflow in the parse function in parse.c in zoo 2.10 might allow local users to execute arbitrary code via long filename command line arguments, which are not properly handled during archive creation. NOTE: since this issue is local and not setuid, the set of attack scenarios is limited,...

CVSS 6.2 · AI score 7.9 · EPSS 0.00995
Exploits 2 · References 4
Mageia · added 2020/01/05 3:37 p.m. · 65 views

Updated apache-commons-compress packages fix security vulnerability

Updated apache-commons-compress packages fix security vulnerability: A resource consumption vulnerability was discovered in apache-commons-compress in the way NioZipEncoding encodes filenames. Applications that use Compress to create archives, with one of the filenames within the archive being...

CVSS 7.5 · AI score 1.1 · EPSS 0.16157
Exploits 0 · References 2
Positive Technologies · added 2019/08/30 12:0 a.m. · 3 views

PT-2019-4757 · Gnu +7 · Cpio +7

Name of the Vulnerable Software and Affected Versions: cpio versions prior to 2.13. Description: The issue is related to the improper validation of input files when generating TAR archives. This can lead to the creation of archives containing files with permissions or in paths that the attacker di...

CVSS 7.8 · AI score 6.1 · EPSS 0.0415
Exploits 6 · References 74
OSV · added 2019/08/01 5:15 p.m. · 5 views

CVE-2018-20946

cPanel before 68.0.27 allows attackers to read zone information because a world-readable archive is created by the archivesynczones script SEC-355...

CVSS 3.3 · AI score 5.8 · EPSS 0.0035
Exploits 0 · References 2
Cent OS · added 2015/11/30 7:26 p.m. · 70 views

cpio security update

CentOS Errata and Security Advisory CESA-2015:2108. Updated cpio packages that fix one security issue and two bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base...

CVSS 5 · AI score 6.9 · EPSS 0.07093
Exploits 1 · References 7
RedHat Linux · added 2013/07/30 4:56 p.m. · 6 views

sosreport does not blank root password in anaconda plugin

The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file /root/anaconda-ks.cfg when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes...

CVSS 4.3 · AI score 5.8 · EPSS 0.01429
Exploits 0 · References 4
RedHat Linux · added 2007/05/01 2:5 p.m. · 3 views

cpio large filesize buffer overflow

Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service crash and possibly execute arbitrary code via a file whose size is represented by more than 8 digits...

CVSS 3.7 · AI score 6.2 · EPSS 0.00543
Exploits 1 · References 4