How severe is CVE-2018-20251?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2018-20251?

This is classified as CWE-693, which is a common weakness in software security.

CVE-2018-20251 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

In WinRAR versions prior to and including 5.61, there is path traversal vulnerability when crafting the filename field of the ACE format. The UNACE module (UNACEV2.dll) creates files and folders as written in the filename field even when WinRAR validator noticed the traversal attempt and requestd to abort the extraction process. the operation is cancelled only after the folders and files were created but prior to them being written, therefore allowing the attacker to create empty files and folders everywhere in the file system.

Related Vulnerabilities

CVE-2020-12954

MEDIUM

CVSS:5.5(Medium)

A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauthorized SPI ROM modification.

CWE-6932020

CVE-2021-26355

MEDIUM

CVSS:5.5(Medium)

Insufficient fencing and checks in System Management Unit (SMU) may result in access to invalid message port registers that could result in a potential denial-of-service.

CWE-6932021

CVE-2022-20464

MEDIUM

CVSS:5.5(Medium)

In various functions of ap_input_processor.c, there is a possible way to record audio during a phone call due to a logic error in the code. This could lead to local information disclosure with User ex...

CWE-6932022

CVE-2022-42821

MEDIUM

CVSS:5.5(Medium)

A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.2, macOS Big Sur 11.7.2, macOS Ventura 13. An app may bypass Gatekeeper checks.

CWE-6932022

CVE-2023-25080

MEDIUM

CVSS:5.5(Medium)

Protection mechanism failure in some Intel(R) Distribution of OpenVINO toolkit software before version 2023.0.0 may allow an authenticated user to potentially enable information disclosure via local a...

CWE-6932023

CVE-2023-30757

MEDIUM

CVSS:5.5(Medium)

A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Au...

CWE-6932023