40 matches found
EUVD-2020-17369
Malware in sbrugna...
EUVD-2020-8082
Malware in sbrugna...
EUVD-2024-53866
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-24654
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a...
CVE-2024-57966
libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive...
CVE-2024-57966
libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive...
CVE-2024-57966
libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive...
DEBIAN-CVE-2024-57966
libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive...
CVE-2024-57966
libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive...
UBUNTU-CVE-2024-57966
libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive...
KDE Ark 安全漏洞
KDE Ark is a graphical file compression/decompression utility for the KDE community. A security vulnerability exists in KDE Ark versions prior to 24.12.0, which stems from the fact that libarchiveplugin.cpp can extract absolute paths from archives...
CVE-2024-57966
libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive...
CVE-2024-57966
libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive...
CVE-2024-57966
libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive...
CVE-2024-57966
CVE-2024-57966 affects KDE Ark; libarchiveplugin.cpp in Ark before 24.12.0 allows extraction to absolute paths, enabling overwriting of files. Root cause: insecure path handling in archive extraction. Impact: potential unauthorized file overwrite. Remediation: upgrade Ark to a version with the fi...
SUSE CVE-2020-16116
In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal...
Debian DLA-3015-1 : ark - LTS security update
The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3015 advisory. - In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal. CVE-2020-16116...
GLSA-202101-06 : Ark: Symlink vulnerability
The remote host is affected by the vulnerability described in GLSA-202101-06 Ark: Symlink vulnerability KDE Ark did not fully verify symlinks contained within tar archives. Impact : A remote attacker could entice a user to open a specially crafted tar archive using KDE Ark, possibly resulting in...
CVE-2020-24654
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory. Mitigation The way to mitigate this flaw is to pay attention to the contents of the archive in ark before extracting,...
[ASA-202009-2] ark: arbitrary filesystem access
Arch Linux Security Advisory ASA-202009-2 ========================================= Severity: High Date : 2020-09-03 CVE-ID : CVE-2020-24654 Package : ark Type : arbitrary filesystem access Remote : No Link : https://security.archlinux.org/AVG-1216 Summary ======= The package ark before version...