Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-16116 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2022-09-11 | 4.3 MEDIUM | 3.3 LOW |
In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal. | |||||
CVE-2020-24654 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2022-09-11 | 4.3 MEDIUM | 3.3 LOW |
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory. | |||||
CVE-2011-2725 | 3 Canonical, Kde, Opensuse | 4 Ubuntu Linux, Ark, Kde Sc and 1 more | 2018-10-30 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file. | |||||
CVE-2017-5330 | 2 Fedoraproject, Kde | 2 Fedora, Ark | 2017-03-31 | 6.8 MEDIUM | 7.8 HIGH |
ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications. |