50 matches found
CVE-2022-39347
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for drive channel. A malicious server can trick a FreeRDP based client to read files outside the shared directory. This issue has been addressed in...
CVE-2022-39347
CVE-2022-39347 affects FreeRDP: vulnerable in affected FreeRDP clients due to missing path canonicalization and base path checks on the drive channel, allowing a malicious server to trick a client into reading files outside the shared directory. The issue has been addressed in version 2.9.0; user...
CVE-2022-39347 Missing path sanitation with `drive` channel in FreeRDP
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for drive channel. A malicious server can trick a FreeRDP based client to read files outside the shared directory. This issue has been addressed in...
CVE-2022-39347
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for drive channel. A malicious server can trick a FreeRDP based client to read files outside the shared directory. This issue has been addressed in...
jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories
A link following vulnerability was found in Jenkins. The file path filters do not canonicalize paths allowing operations to follow symbolic links to directories they are not supposed to have access to. This may allow an attacker to read and write arbitrary files on the Jenkins controller file...
jenkins: File path filters do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories
A link following vulnerability was found in Jenkins. The file path filters do not canonicalize paths allowing operations to follow symbolic links to directories they are not supposed to have access to. This may allow an attacker to read and write arbitrary files on the Jenkins controller file...
libguestfs security, bug fix, and enhancement update
1.7.17-17 - Remove dependency on gfs2-utils. resolves: rhbz695138 1.7.17-16 - Canonicalize /dev/vd paths in virt-inspector code. resolves: rhbz691724 1.7.17-15 - Fix trace segfault for non-daemon functions. resolves: rhbz676788 1.7.17-14 - Add explicit BuildRequires for latest augeas. RHBZ677616...
CVE-2008-4250
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild ...
CVE-2008-4250
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild ...
PT-2008-1138
Name of the Vulnerable Software and Affected Versions Microsoft Windows 2000 SP4 Microsoft Windows XP SP2 and SP3 Microsoft Windows Server 2003 SP1 and SP2 Microsoft Windows Vista Gold and SP1 Microsoft Windows Server 2008 Microsoft Windows 7 Pre-Beta Windows Embedded Standard 2009 Description Th...