Debian » Debian Linux : Security Vulnerabilities, CVEs, Published In 2017 (Directory traversal)
unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory.
Max CVSS: 7.5 | EPSS Score: 0.11% | Published: 2017-09-03 | Updated: 2021-02-25
Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles.
Max CVSS: 5.5 | EPSS Score: 0.15% | Published: 2017-05-23 | Updated: 2019-10-03
An issue was discovered in ytnef before 1.9.1. This is related to a patch described as "9 of 9. Directory Traversal using the filename; SanitizeFilename function in settings.c."
Max CVSS: 7.8 | EPSS Score: 0.27% | Published: 2017-02-24 | Updated: 2019-05-18
The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem.
Max CVSS: 9.8 | EPSS Score: 0.43% | Published: 2017-02-27 | Updated: 2020-05-14
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
Max CVSS: 7.5 | EPSS Score: 0.88% | Published: 2017-08-31 | Updated: 2019-10-09
A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide an invalid filename for a splash image triggering the vulnerability.
Max CVSS: 5.8 | EPSS Score: 0.51% | Published: 2017-01-06 | Updated: 2017-03-30
Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.
Max CVSS: 7.5 | EPSS Score: 1.26% | Published: 2017-08-07 | Updated: 2021-02-19
7 vulnerabilities found