9 matches found
Important: engrampa
Issue Overview: Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution RCE on the target. While handling CPIO archives, the Engrampa Archive manager follows symlin...
Amazon Linux 2 : engrampa (ALASMATE-DESKTOP1.X-2024-008)
The version of engrampa installed on the remote host is prior to 1.24.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2MATE-DESKTOP1.X-2024-008 advisory. Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal...
[SECURITY] [DLA 3741-1] engrampa security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3741-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz February 26, 2024 https://wiki.debian.org/LTS -...
Debian dla-3741 : engrampa - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3741 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3741-1 [email protected] https://www.debian.org/lts/security/...
Debian dsa-5625 : engrampa - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5625 advisory. - Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full...
[SECURITY] [DSA 5625-1] engrampa security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5625-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 16, 2024 https://www.debian.org/security/faq -...
Fedora: Security Advisory (FEDORA-2024-23085d548c)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-52138 Path traversal via crafted cpio archives in Engrampa archivers
Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution RCE on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by defau...
CVE-2023-52138
Summary: CVE-2023-52138 affects Engrampa (MATE archive manager). The vulnerability arises in handling of CPIO archives where symlinks are followed and the archiver does not validate symlink targets, enabling a path traversal that can lead to arbitrary file writes and full Remote Command Execution...