Lucene search
K

16 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Cpio

Debian’s cpio package contains a path traversal vulnerability. This issue was introduced by reverting the CVE-2015-1197 patches, which caused a regression in the --no-absolute-filenames option. Upstream has since provided a proper fix for this issue...

4.9CVSS6.1AI score0.00906EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2025/09/03 9:21 p.m.7 views

Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.

...

4.9CVSS7AI score0.02906EPSS
Exploits4
Amazon
Amazon
added 2024/03/05 12:0 a.m.5 views

Important: cpio

Issue Overview: cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. CVE-2015-1197 Affected Packages: cpio Issue Correction: Run dnf update cpio --releasever 2023.3.20240304 or dnf update --advisory...

1.9CVSS6.7AI score0.02906EPSS
Exploits4
NVD
NVD
added 2024/02/29 1:42 a.m.28 views

CVE-2023-7207

Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames...

4.9CVSS5.2AI score0.00906EPSS
Exploits0References5
OSV
OSV
added 2024/02/29 1:42 a.m.8 views

CVE-2023-7207

Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames...

4.9CVSS5.3AI score0.00906EPSS
Exploits0References5
OSV
OSV
added 2024/02/29 1:42 a.m.1 views

DEBIAN-CVE-2023-7207

Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames...

4.9CVSS5.6AI score0.00906EPSS
Exploits0References1
OSV
OSV
added 2024/02/29 1:42 a.m.2 views

UBUNTU-CVE-2023-7207

Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames...

4.9CVSS6.2AI score0.00906EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2024/02/29 1:42 a.m.51 views

CVE-2023-7207

Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames...

4.9CVSS6.3AI score0.00906EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2024/01/06 2:49 a.m.4 views

SUSE CVE-2023-7207

Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames...

4CVSS5.2AI score0.00906EPSS
Exploits0References48
Vulnrichment
Vulnrichment
added 2024/01/05 12:39 a.m.43 views

CVE-2023-7207

Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames...

4.9CVSS6.7AI score0.00906EPSS
Exploits0References5
OSV
OSV
added 2023/06/10 11:5 a.m.4 views

OESA-2023-1337 cpio security update

GNU cpio copies files into or out of a cpio or tar archive.The archive can be another file on the disk, a magnetic tape, or a pipe. Security Fixes: cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an...

1.9CVSS6.7AI score0.02906EPSS
Exploits4References2
Positive Technologies
Positive Technologies
added 2023/04/27 12:0 a.m.3 views

PT-2023-9341 · Debian +6 · Cpio +7

Name of the Vulnerable Software and Affected Versions: cpio affected versions not specified Description: The issue is related to a path traversal vulnerability in Debian's cpio, which was introduced by reverting patches for a previous issue. This vulnerability is associated with a regression when...

7.8CVSS6.7AI score0.0415EPSS
Exploits2References68
OSV
OSV
added 2016/02/22 6:5 p.m.2 views

USN-2906-1 cpio vulnerabilities

Alexander Cherepanov discovered that GNU cpio incorrectly handled symbolic links when used with the --no-absolute-filenames option. If a user or automated system were tricked into extracting a specially-crafted cpio archive, a remote attacker could possibly use this issue to write arbitrary files...

6.5CVSS6.8AI score0.05484EPSS
Exploits4References3
OSV
OSV
added 2015/02/19 3:59 p.m.1 views

DEBIAN-CVE-2015-1197

cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive...

1.9CVSS6AI score0.02906EPSS
Exploits4References1
NVD
NVD
added 2015/02/19 3:59 p.m.17 views

CVE-2015-1197

cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive...

1.9CVSS5.2AI score0.02906EPSS
Exploits4References11
OSV
OSV
added 2015/02/19 12:0 a.m.5 views

UBUNTU-CVE-2015-1197

cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive...

1.9CVSS6.8AI score0.02906EPSS
Exploits4References3
Rows per page
Query Builder