Lucene search
+L

50 matches found

Debian CVE
Debian CVE
•added 2022/11/16 12:0 a.m.•40 views

CVE-2022-39347

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for drive channel. A malicious server can trick a FreeRDP based client to read files outside the shared directory. This issue has been addressed in...

5.7CVSS5.8AI score0.00889EPSS
Exploits0
CVE
CVE
•added 2022/11/16 12:0 a.m.•137 views

CVE-2022-39347

CVE-2022-39347 affects FreeRDP: vulnerable in affected FreeRDP clients due to missing path canonicalization and base path checks on the drive channel, allowing a malicious server to trick a client into reading files outside the shared directory. The issue has been addressed in version 2.9.0; user...

5.7CVSS5.5AI score0.00889EPSS
Exploits0References7Affected Software1
OSV
OSV
•added 2022/11/16 12:0 a.m.•30 views

CVE-2022-39347 Missing path sanitation with `drive` channel in FreeRDP

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for drive channel. A malicious server can trick a FreeRDP based client to read files outside the shared directory. This issue has been addressed in...

2.6CVSS5.2AI score0.00889EPSS
Exploits0References9
AlpineLinux
AlpineLinux
•added 2022/11/16 12:0 a.m.•40 views

CVE-2022-39347

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for drive channel. A malicious server can trick a FreeRDP based client to read files outside the shared directory. This issue has been addressed in...

5.7CVSS5.8AI score0.00889EPSS
Exploits0
RedHat Linux
RedHat Linux
•added 2021/12/01 12:28 p.m.•5 views

jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories

A link following vulnerability was found in Jenkins. The file path filters do not canonicalize paths allowing operations to follow symbolic links to directories they are not supposed to have access to. This may allow an attacker to read and write arbitrary files on the Jenkins controller file...

8.1CVSS5.9AI score0.01911EPSS
Exploits0References5
RedHat Linux
RedHat Linux
•added 2021/11/29 10:40 a.m.•5 views

jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories

A link following vulnerability was found in Jenkins. The file path filters do not canonicalize paths allowing operations to follow symbolic links to directories they are not supposed to have access to. This may allow an attacker to read and write arbitrary files on the Jenkins controller file...

8.1CVSS5.9AI score0.01911EPSS
Exploits0References5
Oracle linux
Oracle linux
•added 2011/05/29 12:0 a.m.•25 views

libguestfs security, bug fix, and enhancement update

1.7.17-17 - Remove dependency on gfs2-utils. resolves: rhbz695138 1.7.17-16 - Canonicalize /dev/vd paths in virt-inspector code. resolves: rhbz691724 1.7.17-15 - Fix trace segfault for non-daemon functions. resolves: rhbz676788 1.7.17-14 - Add explicit BuildRequires for latest augeas. RHBZ677616...

4.7CVSS6.2AI score0.00382EPSS
Exploits0
ATTACKERKB
ATTACKERKB
•added 2008/10/23 10:0 p.m.•3 views

CVE-2008-4250

The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild ...

10CVSS7.8AI score0.98751EPSS
In wildExploits12References21
Vulnrichment
Vulnrichment
•added 2008/10/23 9:0 p.m.•4 views

CVE-2008-4250

The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild ...

7.8AI score0.98751EPSS
Exploits12References18
Positive Technologies
Positive Technologies
•added 2008/10/23 12:0 a.m.•3 views

PT-2008-1138

Name of the Vulnerable Software and Affected Versions Microsoft Windows 2000 SP4 Microsoft Windows XP SP2 and SP3 Microsoft Windows Server 2003 SP1 and SP2 Microsoft Windows Vista Gold and SP1 Microsoft Windows Server 2008 Microsoft Windows 7 Pre-Beta Windows Embedded Standard 2009 Description Th...

10CVSS8.2AI score0.98751EPSS
Exploits12References36
Rows per page
Query Builder