In kerfuffle/jobs.cpp in KDE Ark prior to 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.
Vulnerable Product |
---|
kde ark |
debian debian linux 9.0 |
debian debian linux 10.0 |
fedoraproject fedora 31 |
fedoraproject fedora 32 |
opensuse leap 15.1 |
opensuse leap 15.2 |
canonical ubuntu linux 18.04 |
canonical ubuntu linux 20.04 |
Meanwhile, KDE desktops can be pwned by evil archives
In Brief Cisco customers once again find themselves needing to patch critical vulnerabilities in Switchzilla's gear. The equipment maker has emitted fixes or updates for multiple CVE-listed vulnerabilities in the Treck IP stack (the Ripple20 bugs), Data Center Network Manager, and SD-WAN. Those patches should be applied ASAP. A high-rated path traversal vulnerability was patched in the Adaptive Security Appliance and Firepower Threat Defense software. Additionally, there were five high-rated bul...