Gnome : Security Vulnerabilities, CVEs, (Directory traversal) CVSS score >= 4
A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.
Max CVSS
5.5
EPSS Score
0.16%
Published
2023-07-22
Updated
2024-01-24
autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for CVE-2020-36241.
Max CVSS
5.5
EPSS Score
0.05%
Published
2021-03-17
Updated
2022-05-20
autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended extraction location.
Max CVSS
5.5
EPSS Score
0.05%
Published
2021-02-05
Updated
2022-04-08
An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a filename contained in a TAR archive, possibly overwriting a file during extraction.
Max CVSS
4.3
EPSS Score
0.76%
Published
2019-09-21
Updated
2019-12-20
Directory traversal vulnerability in the gcab_folder_extract function in libgcab/gcab-folder.c in gcab 0.4 allows remote attackers to write to arbitrary files via crafted path in a CAB file, as demonstrated by "\tmp\moo."
Max CVSS
6.4
EPSS Score
0.75%
Published
2015-01-15
Updated
2018-10-30
Directory traversal vulnerability in soup-uri.c in SoupServer in libsoup before 2.35.4 allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in a URI.
Max CVSS
5.0
EPSS Score
0.63%
Published
2011-08-31
Updated
2012-02-02
Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code when decoding attachments.
Max CVSS
7.8
EPSS Score
0.11%
Published
2021-05-26
Updated
2021-06-04
Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command.
Max CVSS
5.0
EPSS Score
1.41%
Published
2005-05-02
Updated
2023-08-03
8 vulnerabilities found