198 matches found

OpenVAS
added 2021/04/21 12:0 a.m. | 20 views

openSUSE: Security Advisory for nextcloud-desktop (openSUSE-SU-2021:0577-1)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 8.8 | AI score 8.8 | EPSS 0.04698
Exploits: 1 | References: 2

OSV
added 2021/04/19 12:8 p.m. | 4 views

OPENSUSE-SU-2021:0577-1 Security update for nextcloud-desktop

This update for nextcloud-desktop fixes the following issues: nextcloud-desktop was updated to 3.1.3: - desktop2884 stable-3.1 Add support for Hirsute - desktop2920 stable-3.1 Validate sensitive URLs to only allow https schemes. - desktop2926 stable-3.1 Validate the providers ssl certificate -...

CVSS 8.8 | AI score 8.8 | EPSS 0.04698
Exploits: 1 | References: 3

OPENSUSE Linux
added 2021/04/19 12:0 a.m. | 37 views

Security update for nextcloud-desktop (important)

openSUSE Security Update: Security update for nextcloud-desktop Announcement ID: openSUSE-SU-2021:0577-1 Rating: important References: 1184770 Cross-References: CVE-2021-22879 CVSS scores: CVE-2021-22879 SUSE: 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: openSUSE Leap 15.2 ...

CVSS 6.3 | AI score 8.8 | EPSS 0.04698
Exploits: 1 | References: 1

NVD
added 2021/04/14 1:15 p.m. | 22 views

CVE-2021-22879

Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation...

CVSS 8.8 | EPSS 0.04698
Exploits: 1 | References: 5

OSV
added 2021/04/14 1:15 p.m. | 26 views

CVE-2021-22879

Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation...

CVSS 8.8 | AI score 7.2
Exploits: 0 | References: 5

OSV
added 2021/04/14 1:15 p.m. | 3 views

DEBIAN-CVE-2021-22879

Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation...

CVSS 8.8 | AI score 8.4 | EPSS 0.04698
Exploits: 1 | References: 1

UbuntuCve
added 2021/04/14 1:15 p.m. | 35 views

CVE-2021-22879

Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation...

CVSS 8.8 | AI score 7.4 | EPSS 0.04698
Exploits: 1 | References: 4

Prion
added 2021/04/14 1:15 p.m. | 31 views

Design/Logic Flaw

Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation...

CVSS 6.8 | AI score 8.7 | EPSS 0.04698
Exploits: 1 | References: 5 | Affected Software: 2

OSV
added 2021/04/14 1:15 p.m. | 2 views

UBUNTU-CVE-2021-22879

Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation...

CVSS 8.8 | AI score 7.5 | EPSS 0.04698
Exploits: 1 | References: 5

CVE
added 2021/04/14 12:41 p.m. | 208 views

CVE-2021-22879

CVE-2021-22879 affects Nextcloud Desktop Client prior to version 3.1.3. The vulnerability arises from missing validation of URLs, enabling a remote server to trigger resource injection and execute commands on the user’s machine, with user interaction required for exploitation. Public references f...

CVSS 8.8 | AI score 8.6 | EPSS 0.04698
Exploits: 1 | References: 5 | Affected Software: 1

Debian CVE
added 2021/04/14 12:41 p.m. | 29 views

CVE-2021-22879

Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation...

CVSS 8.8 | AI score 8.9 | EPSS 0.04698
Exploits: 1

Prion
added 2017/04/10 3:59 a.m. | 12 views

Design/Logic Flaw

AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability."...

CVSS 7.8 | AI score 7.6 | EPSS 0.08759
Exploits: 6 | References: 1 | Affected Software: 1

CVE
added 2017/04/10 3:0 a.m. | 61 views

CVE-2015-8258

CVE-2015-8258 affects AXIS Communications devices with firmware up to 5.80.x. The issue is a resource injection via the imagePath parameter in view.shtml, enabling XSS/Open Script Editor abuse to potentially cause a URL-based request to attacker-controlled content. The vulnerability arises from h...

CVSS 7.8 | AI score 7.5 | EPSS 0.08759
Exploits: 6 | References: 1 | Affected Software: 1

exploitpack
added 2017/03/17 12:0 a.m. | 69 views

AXIS Communications - Cross-Site Scripting Content Injection

AXIS Communications - Cross-Site Scripting Content Injection 0RWELLL4BS security advisory olsa-2015-8258 PGP: 79A6CCC0 @orwelllabs Advisory Information ==================== - Title: ImagePath Resource Injection/Open script editor - Vendor: AXIS Communications - Research and Advisory: Orwelllabs -...

CVSS 7.8 | AI score 7.4 | EPSS 0.08759
Exploits: 6

NVD
added 2015/02/14 3:1 a.m. | 18 views

CVE-2015-0931

Ektron Content Management System CMS 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arbitrary code via a crafted XSLT document, related to a "resource injection" issue...

CVSS 6.8 | AI score 7.6 | EPSS 0.02441
Exploits: 0 | References: 1

Prion
added 2015/02/14 3:1 a.m. | 15 views

Design/Logic Flaw

Ektron Content Management System CMS 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arbitrary code via a crafted XSLT document, related to a "resource injection" issue...

CVSS 6.8 | AI score 8.2 | EPSS 0.02441
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2015/02/14 2:0 a.m. | 22 views

CVE-2015-0931

Ektron Content Management System CMS 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arbitrary code via a crafted XSLT document, related to a "resource injection" issue...

AI score 7.6 | EPSS 0.02441
Exploits: 0 | References: 1

CERT
added 2015/02/05 12:0 a.m. | 33 views

Ektron Content Management System (CMS) contains multiple vulnerabilities

Overview Ektron Content Management System CMS versions 8.5, 8.7, and 9.0 contain a XXE and a resource injection vulnerability. Description Note: A prior version of this report indicated incorrectly that Ektron CMS version 9.1 was vulnerable. The vendor indicated that the last version to ship with...

CVSS 6.8 | AI score 6.8 | EPSS 0.22034
Exploits: 3 | References: 4