How severe is CVE-2018-10501?

This vulnerability has a severity rating of HIGH with a CVSS score of 7 out of 10.

What type of vulnerability is CVE-2018-10501?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2018-10501 - HIGH Severity | CVSS 7

Vulnerability Description

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Notes Fixed in version 2.0.02.31. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of ZIP files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5358.

Related Vulnerabilities

CVE-2016-9351

HIGH

CVSS:7.0(High)

An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The directory traversal/file upload error allows an attacker to upload and unpack a zip file.

CWE-222016

CVE-2017-5899

HIGH

CVSS:7.0(High)

Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a ....

CWE-222017

CVE-2017-9067

HIGH

CVSS:7.0(High)

In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/in...

CWE-222017

CVE-2022-44749

HIGH

CVSS:7.0(High)

A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Analytics Platform 3.2.0 and above can result in arbitrary files being overwritten on the user's system. This vulner...

CWE-222022

CVE-2023-38176

HIGH

CVSS:7.0(High)

Azure Arc-Enabled Servers Elevation of Privilege Vulnerability

CWE-222023

CVE-2016-10330

HIGH

CVSS:7.1(High)

Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors.

CWE-222016