22 matches found
SUSE-SU-2026:20592-1 Security update for 7zip
This update for 7zip fixes the following issues: - Update to 25.01 boo1249130 The code for handling symbolic links has been changed to provide greater security when extracting files from archives Command line switch -snld20 can be used to bypass default security checks when creating symbolic link...
OESA-2024-1588 engrampa security update
Mate File Archiver is an application for creating and viewing archives files, such as zip, xv, bzip2, cab, rar and other compress formats. Security Fixes: Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be...
Important: engrampa
Issue Overview: Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution RCE on the target. While handling CPIO archives, the Engrampa Archive manager follows symlin...
Debian dla-3741 : engrampa - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3741 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3741-1 [email protected] https://www.debian.org/lts/security/...
Path Traversal
engrampa is vulneravle to Path Traversal. The vulnerability occurs an application does not properly validate or sanitize user input during the handling of CPIO archives which does not adequately check the symlink location. It allows an attacker arbitrary file writes to unintended locations and ca...
Fedora 39 : engrampa (2024-23085d548c)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-23085d548c advisory. - update to 1.26.2 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...
Fedora 38 : engrampa (2024-8dc64f8f59)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-8dc64f8f59 advisory. - update to 1.26.2 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...
SUSE CVE-2023-52138
Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution RCE on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by defau...
CVE-2023-52138
Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution RCE on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by defau...
CVE-2023-52138
Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution RCE on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by defau...
DEBIAN-CVE-2023-52138
Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution RCE on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by defau...
Path traversal
Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution RCE on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by defau...
CVE-2023-52138
Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution RCE on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by defau...
CVE-2023-52138 Path traversal via crafted cpio archives in Engrampa archivers
Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution RCE on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by defau...
CVE-2023-52138
Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution RCE on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by defau...
CVE-2023-52138 Path traversal via crafted cpio archives in Engrampa archivers
Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution RCE on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by defau...
CVE-2023-52138 Path traversal via crafted cpio archives in Engrampa archivers
Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution RCE on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by defau...
PT-2024-2452 · Mate +1 · Engrampa +1
Name of the Vulnerable Software and Affected Versions: Engrampa versions prior to the version that includes commit 63d5dfa Description: The issue is related to a Path Traversal vulnerability in Engrampa, an archive manager for the MATE environment. This vulnerability can be leveraged to achieve...
libarchive: Memory allocate error with symbolic links in cpio archives
A vulnerability was found in libarchive. A specially crafted cpio archive containing a symbolic link to a ridiculously large target path can cause memory allocation to fail, resulting in any attempt to view or extract the archive crashing...
SUSE SLED12 / SLES12 Security Update : libarchive (SUSE-SU-2016:1909-1)
libarchive was updated to fix 20 security issues. These security issues were fixed : - CVE-2015-8918: Overlapping memcpy in CAB parser bsc985698. - CVE-2015-8919: Heap out of bounds read in LHA/LZH parser bsc985697. - CVE-2015-8920: Stack out of bounds read in ar parser bsc985675. - CVE-2015-8921...