Lucene search
+L

94 matches found

Tenable Nessus
Tenable Nessus
added 2022/05/18 12:0 a.m.33 views

Oracle Linux 8 : cpio (ELSA-2022-1991)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-1991 advisory. 2.12-11 - Fixed CVE-2021-38185 1992511 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus...

7.8CVSS6.9AI score0.04131EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2022/05/12 12:0 a.m.28 views

AlmaLinux 8 : cpio (ALSA-2022:1991)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2022:1991 advisory. - GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an...

7.8CVSS7.5AI score0.04131EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2022/01/28 12:0 a.m.33 views

Ubuntu 16.04 ESM : GNU cpio vulnerability (USN-5064-2)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-5064-2 advisory. USN-5064-1 fixed vulnerabilities in GNU cpio. This update provides the corresponding updates for Ubuntu 16.04 ESM. Tenable has extracted the preceding description...

7.8CVSS6.9AI score0.04131EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.16 views

Mageia: Security Advisory (MGASA-2015-0080)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

1.9CVSS6.2AI score0.02906EPSS
Exploits4References4
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.14 views

Mageia: Security Advisory (MGASA-2021-0423)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS8AI score0.04131EPSS
Exploits1References6
Ubuntu
Ubuntu
added 2022/01/27 5:25 p.m.105 views

USN-5064-2: GNU cpio vulnerability

USN-5064-1 fixed vulnerabilities in GNU cpio. This update provides the corresponding updates for Ubuntu 16.04 ESM. Original advisory details: Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled certain pattern files. A remote attacker could use this issue to cause cpio to cras...

7.8CVSS7AI score0.04131EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2021/11/17 12:0 a.m.30 views

EulerOS Virtualization 2.9.1 : cpio (EulerOS-SA-2021-2749)

According to the versions of the cpio package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr intege...

7.8CVSS7.5AI score0.04131EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2021/11/03 12:0 a.m.21 views

Huawei EulerOS: Security Advisory for cpio (EulerOS-SA-2021-2626)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.9AI score0.04131EPSS
Exploits1References2
OSV
OSV
added 2021/09/23 4:49 a.m.8 views

MGASA-2021-0423 Updated cpio packages fix security vulnerability

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. CVE-2021-38185...

7.8CVSS8AI score0.04131EPSS
Exploits1References5
Ubuntu
Ubuntu
added 2021/09/08 11:14 a.m.126 views

USN-5064-1: GNU cpio vulnerability

Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled certain pattern files. A remote attacker could use this issue to cause cpio to crash, resulting in a denial of service, or possibly execute arbitrary code...

7.8CVSS7AI score0.04131EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2021/09/08 12:0 a.m.24 views

Ubuntu 18.04 LTS / 20.04 LTS : GNU cpio vulnerability (USN-5064-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5064-1 advisory. Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled certain pattern files. A remote attacker could use this issue to cause cpio to...

7.8CVSS7.2AI score0.04131EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2021/08/24 12:0 a.m.25 views

SUSE SLES11 Security Update : cpio (SUSE-SU-2021:14788-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2021:14788-1 advisory. - A patch previously applied to remedy CVE-2021-38185 introduced a regression that had the potential to cause a segmentation fault in cpio. bsc1189465...

7.8CVSS6.8AI score0.04131EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2021/08/24 12:0 a.m.38 views

SUSE SLES12 Security Update : cpio (SUSE-SU-2021:2808-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2808-1 advisory. - A patch previously applied to remedy CVE-2021-38185 introduced a regression that had the potential to cause a segmentation fault in cpio...

7.8CVSS6.8AI score0.04131EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2021/08/15 12:0 a.m.65 views

SUSE SLES12 Security Update : cpio (SUSE-SU-2021:2686-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2686-1 advisory. It was possible to trigger Remote code execution due to a integer overflow CVE-2021-38185, bsc1189206 Tenable has extracted the preceding...

7.8CVSS7.3AI score0.04131EPSS
Exploits1References4
OSV
OSV
added 2021/08/08 12:15 a.m.1 views

DEBIAN-CVE-2021-38185

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...

7.8CVSS7.5AI score0.04131EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2021/08/08 12:15 a.m.41 views

CVE-2021-38185

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...

7.8CVSS7.1AI score0.04131EPSS
Exploits1References7
Prion
Prion
added 2021/08/08 12:15 a.m.32 views

Integer overflow

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...

6.8CVSS7.9AI score0.04131EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2021/08/08 12:15 a.m.10 views

UBUNTU-CVE-2021-38185

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...

7.8CVSS7.2AI score0.04131EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2021/08/07 12:0 a.m.6 views

PT-2021-4457 · Gnu +10 · Gnu Cpio +10

Name of the Vulnerable Software and Affected Versions: GNU cpio versions 2.13 and earlier Description: The issue is caused by an integer overflow in the dstring.c component of the GNU cpio package, specifically in the ds fgetstr function. This overflow triggers an out-of-bounds heap write, allowi...

7.8CVSS7.1AI score0.04131EPSS
Exploits6References87
Vulnrichment
Vulnrichment
added 2021/08/07 12:0 a.m.5 views

CVE-2021-38185

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...

8.2AI score0.04131EPSS
Exploits1References5
Rows per page
Query Builder