Vulnerabilities > KDE > ARK

DATE CVE VULNERABILITY TITLE RISK
2020-09-02 CVE-2020-24654 Link Following vulnerability in multiple products
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.
3.3
2020-08-03 CVE-2020-16116 Path Traversal vulnerability in multiple products
In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.
3.3
2017-03-27 CVE-2017-5330 OS Command Injection vulnerability in multiple products
ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications.
local
low complexity
fedoraproject kde CWE-78
7.8