Lucene search
K

94 matches found

Debian CVE
Debian CVE
added 2021/08/07 12:0 a.m.49 views

CVE-2021-38185

GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c dsfgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is...

7.8CVSS7.5AI score0.0415EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2021/08/07 12:0 a.m.5 views

PT-2021-4457 · Gnu +10 · Gnu Cpio +10

Name of the Vulnerable Software and Affected Versions: GNU cpio versions 2.13 and earlier Description: The issue is caused by an integer overflow in the dstring.c component of the GNU cpio package, specifically in the ds fgetstr function. This overflow triggers an out-of-bounds heap write, allowi...

7.8CVSS7.1AI score0.0415EPSS
Exploits6References87
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/21 7:42 p.m.28 views

Security Bulletin: IBM Bootable Media Creator (BoMC) is affected by a vulnerability in GNU cpio (CVE-2019-14866)

Summary IBM Bootable Media Creator BoMC has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-14866 DESCRIPTION: GNU cpio could allow a local authenticated attacker to gain elevated privileges on the system, caused by the failure to properly validate input files when...

7.3CVSS0.9AI score0.00686EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2021/05/18 1:30 p.m.53 views

Moderate: Red Hat Security Advisory: cpio security update

An update for cpio is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

7.3CVSS6.5AI score0.00686EPSS
Exploits1References4
AlmaLinux
AlmaLinux
added 2021/05/18 5:34 a.m.42 views

Moderate: cpio security update

The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another. Security Fixes: cpio: improper input validation when writing tar header fields leads to unexpected tar generation CVE-2019-14866 For more details about the security...

6.9CVSS0.6AI score0.00686EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2021/02/02 10:11 p.m.80 views

Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. Vulnerability Details CVEID: CVE-2019-20386 DESCRIPTION: systemd is vulnerable to a denial of service, caused by a memory leak in the buttonopen function in...

9.8CVSS0.9AI score0.17939EPSS
Exploits3Affected Software1
RedHat Linux
RedHat Linux
added 2020/09/29 8:46 p.m.72 views

Moderate: Red Hat Security Advisory: cpio security update

An update for cpio is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

7.3CVSS6.5AI score0.00686EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2019/11/18 12:0 a.m.37 views

FreeBSD : GNU cpio -- multiple vulnerabilities (f59af308-07f3-11ea-8c56-f8b156b6dcc8)

Sergey Poznyakoff reports : This stable release fixes several potential vulnerabilities CVE-2015-1197: cpio, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. CVE-2016-2037: The cpiosafernamesuffix function ...

7.3CVSS6.6AI score0.05484EPSS
Exploits5References5
Cloud Foundry
Cloud Foundry
added 2019/11/18 12:0 a.m.35 views

USN-4176-1: GNU cpio vulnerability | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description Thomas Habets discovered that GNU cpio incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. CVEs contained in this USN...

7.3CVSS7.2AI score0.00686EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2019/11/07 12:0 a.m.46 views

Ubuntu 16.04 LTS / 18.04 LTS : GNU cpio vulnerability (USN-4176-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4176-1 advisory. Thomas Habets discovered that GNU cpio incorrectly handled certain inputs. An attacker could possibly use this issue to privilege escalation. Tenable...

7.3CVSS6.7AI score0.00686EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2019/11/06 4:5 p.m.85 views

USN-4176-1: GNU cpio vulnerability

Thomas Habets discovered that GNU cpio incorrectly handled certain inputs. An attacker could possibly use this issue to privilege escalation...

7.3CVSS6.6AI score0.00686EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:30 a.m.25 views

Security Bulletin: Vulnerability in cpio affects PowerKVM (CVE-2014-9112)

Summary A vulnerability in GNU cpio CVE-2014-9112 affects PowerKVM. Vulnerability Details CVEID: CVE-2014-9112 DESCRIPTION: GNU cpio is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the processcopyin function. By persuading a victim to extract a specially-craft...

5CVSS1.3AI score0.07093EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2016/02/23 12:0 a.m.30 views

Ubuntu 14.04 LTS : GNU cpio vulnerabilities (USN-2906-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2906-1 advisory. Alexander Cherepanov discovered that GNU cpio incorrectly handled symbolic links when used with the --no- absolute-filenames option. If a user or automat...

6.5CVSS7.1AI score0.05484EPSS
Exploits4References3
Ubuntu
Ubuntu
added 2016/02/22 6:5 p.m.75 views

USN-2906-1: GNU cpio vulnerabilities

Alexander Cherepanov discovered that GNU cpio incorrectly handled symbolic links when used with the --no-absolute-filenames option. If a user or automated system were tricked into extracting a specially-crafted cpio archive, a remote attacker could possibly use this issue to write arbitrary files...

6.5CVSS7.1AI score0.05484EPSS
Exploits4
OpenVAS
OpenVAS
added 2015/09/29 12:0 a.m.41 views

Gentoo Security Advisory GLSA 201502-11

Gentoo Linux Local Security Checks GLSA 201502-11 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

5CVSS6.4AI score0.07093EPSS
Exploits5References1
FreeBSD
FreeBSD
added 2015/03/27 12:0 a.m.27 views

cpio -- multiple vulnerabilities

From the Debian Security Team: Heap-based buffer overflow in the processcopyin function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive. cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitra...

5CVSS8.2AI score0.07093EPSS
Exploits5References2
OSV
OSV
added 2015/02/19 2:43 p.m.9 views

MGASA-2015-0080 Updated cpio package fixes security vulnerability

In GNU Cpio 2.11, the --no-absolute-filenames option limits extracting contents of an archive to be strictly inside a current directory. However, it can be bypassed with symlinks. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries...

5.7AI score
Exploits0References3
Mageia
Mageia
added 2015/02/19 2:43 p.m.40 views

Updated cpio package fixes security vulnerability

In GNU Cpio 2.11, the --no-absolute-filenames option limits extracting contents of an archive to be strictly inside a current directory. However, it can be bypassed with symlinks. While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries...

8AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/02/16 12:0 a.m.29 views

GLSA-201502-11 : GNU cpio: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201502-11 GNU cpio: Multiple vulnerabilities Two vulnerabilities have been discovered in GNU cpio: The listfile function in GNU cpio contains a heap-based buffer overflow vulnerability CVE-2014-9112 A directory traversal...

5CVSS7AI score0.07093EPSS
Exploits5References3
Gentoo Linux
Gentoo Linux
added 2015/02/15 12:0 a.m.42 views

GNU cpio: Multiple vulnerabilities

Background GNU cpio copies files into or out of a cpio or tar archive. Description Two vulnerabilities have been discovered in GNU cpio: The listfile function in GNU cpio contains a heap-based buffer overflow vulnerability CVE-2014-9112 A directory traversal vulnerability has been found in GNU cp...

5CVSS7.6AI score0.07093EPSS
Exploits5
Rows per page
Query Builder