Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cpio vulnerabilities and exploits
(subscribe to this query)
NA
CVE-1999-1572
cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.
Mandrakesoft Mandrake Linux Cs3.0
Redhat Enterprise Linux 4.0
Debian Debian Linux 3.0
Freebsd Freebsd 2.1.0
Mandrakesoft Mandrake Linux 10.0
Mandrakesoft Mandrake Linux 10.1
Redhat Enterprise Linux Desktop 4.0
Ubuntu Ubuntu Linux 4.10
Mandrakesoft Mandrake Linux 9.2
Mandrakesoft Mandrake Linux Cs2.1
NA
CVE-2023-7207
Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.
NA
CVE-2007-4476
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
Gnu Tar
Debian Debian Linux 3.1
Debian Debian Linux 4.0
Canonical Ubuntu Linux 6.06
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 7.10
1 EDB exploit
5.5
CVSSv3
CVE-2015-8915
bsdcpio in libarchive prior to 3.2.0 allows remote malicious users to cause a denial of service (invalid read and crash) via crafted cpio file.
Libarchive Libarchive
9.6
CVSSv3
CVE-2023-52138
Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution (RCE) on the target. While handling CPIO archives, the Engrampa Archive manager follows sym...
Mate-desktop Engrampa
7.5
CVSSv3
CVE-2020-7666
This affects all versions of package github.com/u-root/u-root/pkg/cpio. It is vulnerable to leading, non-leading relative path traversal attacks and symlink based (relative and absolute) path traversal attacks in cpio file extraction.
U-root U-root
7.8
CVSSv3
CVE-2023-39810
An issue in the CPIO command of Busybox v1.33.2 allows malicious users to execute a directory traversal.
Busybox Busybox 1.33.2
Busybox Busybox 1.30.1
7.5
CVSSv3
CVE-2020-7667
In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading ".." which leads in file extraction outside of the current directory. Note: the f...
Sas Go Rpm Utils
9.8
CVSSv3
CVE-2022-41352
An issue exists in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over...
Zimbra Collaboration 9.0.0
Zimbra Collaboration 8.8.15
1 Metasploit module
4 Github repositories
1 Article
NA
CVE-2008-4217
Integer signedness error in BOM in Apple Mac OS X prior to 10.5.6 allows remote malicious users to execute arbitrary code via the headers in a crafted CPIO archive, leading to a stack-based buffer overflow.
Apple Mac Os X Server 10.4.11
Apple Mac Os X 10.4.11
Apple Mac Os X Server 10.5.1
Apple Mac Os X Server 10.5.2
Apple Mac Os X 10.5.2
Apple Mac Os X 10.5.3
Apple Mac Os X Server
Apple Mac Os X
Apple Mac Os X 10.5
Apple Mac Os X 10.5.1
Apple Mac Os X Server 10.5.3
Apple Mac Os X Server 10.5.4
Apple Mac Os X 10.5.4
Apple Mac Os X Server 10.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »