CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-9359 – okular: local binary execution via specially crafted PDF files
https://notcve.org/view.php?id=CVE-2020-9359
24 Mar 2020 — KDE Okular before 1.10.0 allows code execution via an action link in a PDF document. KDE Okular versiones anteriores a la versión 1.10.0, permite una ejecución de código por medio de un enlace de acción en un documento PDF. Okular is a universal document viewer developed by KDE supporting different kinds of documents, like PDF, Postscript, DjVu, CHM, XPS, ePub and others. • https://invent.kde.org/kde/okular/-/commit/6a93a033b4f9248b3cd4d04689b8391df754e244 • CWE-184: Incomplete List of Disallowed Inputs •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-1000801 – okular: Directory traversal in function unpackDocumentArchive() in core/document.cpp
https://notcve.org/view.php?id=CVE-2018-1000801
06 Sep 2018 — okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1 okular en versiones 18.08 y anteriores contiene una vulnerabilidad de salto de directorio en la función "unpackDocumentArchive(...)" en "core/do... • https://bugs.kde.org/show_bug.cgi?id=398096 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •