Lucene search
K

4 matches found

CVE
CVE
added 2020/08/03 7:34 p.m.227 views

CVE-2020-16116

CVE-2020-16116 affects KDE Ark prior to version 20.08.0, where kerfuffle/jobs.cpp does not sanitize extraction paths, allowing a crafted archive to write outside the extraction directory via a ../ path traversal. The impact is potential writing of files outside the target directory, with follow-o...

4.3CVSS3.6AI score0.01706EPSS
CVE
CVE
added 2020/09/02 4:22 p.m.211 views

CVE-2020-24654

KDE Ark (ark) before version 20.08.1 is vulnerable to a local privilege/fs access issue: a crafted TAR archive containing symlinks can cause files to be written outside the extraction directory, demonstrated by a write to a user’s home directory. Root cause is inadequate sanitization of extractio...

4.3CVSS3.5AI score0.01496EPSS
CVE
CVE
added 2014/02/04 7:0 p.m.80 views

CVE-2011-2725

CVE-2011-2725 is a directory traversal vulnerability in Ark 4.7.x and earlier. A malicious zip file containing ".." sequences can cause remote attackers to delete or force the display of arbitrary files. Several advisories reference an Ark path traversal vulnerability (ARK) and cite the same CVE,...

6.8CVSS6.5AI score0.02952EPSS
CVE
CVE
added 2017/03/27 3:0 p.m.75 views

CVE-2017-5330

CVE-2017-5330 (Ark) affects Ark, a graphical archive manager. The vulnerability arises when Ark handles executable files within archives; it could execute a malicious script if the file has the executable bit set and is opened, due to Ark not clearly indicating executables. This could allow arbit...

7.8CVSS7.8AI score0.03118EPSS