4.4.95

DATE	CVE	VULNERABILITY TITLE	RISK
2020-09-02	CVE-2020-24654	Link Following vulnerability in multiple products In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory. local low complexity kde canonical debian opensuse fedoraproject CWE-59	3.3
2020-08-03	CVE-2020-16116	Path Traversal vulnerability in multiple products In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal. local low complexity kde debian fedoraproject opensuse canonical CWE-22	3.3
2017-03-27	CVE-2017-5330	OS Command Injection vulnerability in multiple products ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications. local low complexity fedoraproject kde CWE-78	7.8