Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-13241 | 2 Canonical, Flightcrew Project | 2 Ubuntu Linux, Flightcrew | 2023-02-28 | 6.8 MEDIUM | 7.8 HIGH |
FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction. | |||||
CVE-2019-14452 | 3 Canonical, Flightcrew Project, Sigil-ebook | 3 Ubuntu Linux, Flightcrew, Sigil | 2019-08-05 | 5.0 MEDIUM | 7.5 HIGH |
Sigil before 0.9.16 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction. | |||||
CVE-2019-13032 | 1 Flightcrew Project | 1 Flightcrew | 2019-07-15 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments() when a NULL pointer is passed to xc::XMLUri::isValidURI(). This affects third-party software (not Sigil) that uses FlightCrew as a library. |