198 matches found
openSUSE: Security Advisory for nextcloud-desktop (openSUSE-SU-2021:0577-1)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2021:0577-1 Security update for nextcloud-desktop
This update for nextcloud-desktop fixes the following issues: nextcloud-desktop was updated to 3.1.3: - desktop2884 stable-3.1 Add support for Hirsute - desktop2920 stable-3.1 Validate sensitive URLs to only allow https schemes. - desktop2926 stable-3.1 Validate the providers ssl certificate -...
Security update for nextcloud-desktop (important)
openSUSE Security Update: Security update for nextcloud-desktop Announcement ID: openSUSE-SU-2021:0577-1 Rating: important References: 1184770 Cross-References: CVE-2021-22879 CVSS scores: CVE-2021-22879 SUSE: 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: openSUSE Leap 15.2 ...
CVE-2021-22879
Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation...
DEBIAN-CVE-2021-22879
Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation...
Design/Logic Flaw
Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation...
UBUNTU-CVE-2021-22879
Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation...
CVE-2021-22879
CVE-2021-22879 affects Nextcloud Desktop Client prior to version 3.1.3. The vulnerability arises from missing validation of URLs, enabling a remote server to trigger resource injection and execute commands on the user’s machine, with user interaction required for exploitation. Public references f...
Design/Logic Flaw
AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability."...
CVE-2015-8258
CVE-2015-8258 affects AXIS Communications devices with firmware up to 5.80.x. The issue is a resource injection via the imagePath parameter in view.shtml, enabling XSS/Open Script Editor abuse to potentially cause a URL-based request to attacker-controlled content. The vulnerability arises from h...
AXIS Communications - Cross-Site Scripting Content Injection
AXIS Communications - Cross-Site Scripting Content Injection 0RWELLL4BS security advisory olsa-2015-8258 PGP: 79A6CCC0 @orwelllabs Advisory Information ==================== - Title: ImagePath Resource Injection/Open script editor - Vendor: AXIS Communications - Research and Advisory: Orwelllabs -...
CVE-2015-0931
Ektron Content Management System CMS 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arbitrary code via a crafted XSLT document, related to a "resource injection" issue...
Design/Logic Flaw
Ektron Content Management System CMS 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arbitrary code via a crafted XSLT document, related to a "resource injection" issue...
Ektron Content Management System (CMS) contains multiple vulnerabilities
Overview Ektron Content Management System CMS versions 8.5, 8.7, and 9.0 contain an XXE and a resource injection vulnerability. Description Note: A prior version of this report indicated incorrectly that Ektron CMS version 9.1 was vulnerable. The vendor indicated that the last version to ship with...