8276 matches found
Design/Logic Flaw
ownCloud owncloud/client before 2.7 allows DLL Injection. The desktop client loaded development plugins from certain directories when they were present...
CVE-2020-28646
ownCloud owncloud/client before 2.7 allows DLL Injection. The desktop client loaded development plugins from certain directories when they were present...
ownCloud Code Issue Vulnerability
OwnCloud is a suite of personal cloud storage solutions from OwnCloud USA. An injection vulnerability exists in OwnCloud client versions prior to 2.7, which can be exploited by an attacker to load development plugins from certain directories using the desktop client...
PT-2021-11572 · Owncloud · Owncloud
Name of the Vulnerable Software and Affected Versions: ownCloud versions prior to 2.7 Description: The issue allows DLL Injection due to the desktop client loading development plugins from certain directories when they are present. Recommendations: For versions prior to 2.7, update to version 2.7...
Fedora: Security Advisory for containernetworking-plugins (FEDORA-2021-fb466fb623)
The remote host is missing an update for the...
[SECURITY] Fedora 32 Update: mingw-flac-1.3.3-1.fc32
FLAC stands for Free Lossless Audio Codec. Grossly oversimplified, FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of the stream format, reference encoders and decoders in library form, flac, a command-line program to encode and decode FLAC files, metaflac, a command-line...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update
Red Hat OpenShift Container Platform release 4.7.0 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
DLL injection in the ownCloud Desktop Client - ownCloud
The released desktop client was loading development plugins from certain directories when they were present...
container-tools:ol8 security, bug fix, and enhancement update
buildah 1.16.7-4.0.1 - Handling redirect from the docker registry Orabug: 29874238 Nikita Gerasimov 1.16.7-4 - update to the latest content of https://github.com/containers/buildah/tree/release-1.16 https://github.com/containers/buildah/commit/aaed66b - Related: 1888571 1.16.7-3 - revert back to...
aglow (>=0.1.0rc3 <=0.1.0rc4), ai-flow (>=0.1.0 <=0.3.1) +6 more potentially affected by CVE-2021-26697 via apache-airflow (>=1.8.2 <=2.0.0rc3)
apache-airflow PYPI version =1.8.2, =0.1.0rc3, =0.1.0, =2.4.2, =1.7.2, =0.0.5, =0.0.6 Source cves: CVE-2021-26697 Source advisory: OSV:PYSEC-2021-3...
aglow (>=0.1.0rc3 <=0.1.0rc4), ai-flow (>=0.1.0 <=0.3.1) +6 more potentially affected by CVE-2021-26559 via apache-airflow (>=1.8.2 <=2.0.0rc3)
apache-airflow PYPI version =1.8.2, =0.1.0rc3, =0.1.0, =2.4.2, =1.7.2, =0.0.5, =0.0.6 Source cves: CVE-2021-26559 Source advisory: OSV:PYSEC-2021-2...
The vulnerability of the qtdemux_tag_add_str_full function (gst/isomp4/qtdemux.c) in the gst-plugins-good plugin for the GStreamer multimedia framework allows an attacker to trigger a service failure.
The vulnerability of the qtdemux_tag_add_str_full function (gst/isomp4/qtdemux.c) in the gst-plugins-good plugin for the GStreamer multimedia framework is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause...
The vulnerability of the gst_avi_demux_parse_ncdt function (gst/avi/gstavidemux.c) in the gst-plugins-good plugin for the GStreamer multimedia framework allows an attacker to cause a service failure.
The vulnerability of the gst_avi_demux_parse_ncdt function (gst/avi/gstavidemux.c) in the gst-plugins-good plugin for the GStreamer multimedia framework is related to the execution of operations outside of the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause...
OESA-2021-1035 gstreamer1-plugins-bad-free security update
GStreamer is a pipeline-based multimedia framework that links together a wide variety of media processing systems to complete complex workflows, based on graphs of filters which operate on media data. This package contains plug-ins that are not tested well enough yet, or the code is not of good...
AZL-6470 CVE-2021-21303 affecting package helm for versions less than 3.4.1-4
Helm is open-source software which is essentially "The Kubernetes Package Manager". Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. In Helm from version 3.0 and before version 3.5.2, there are a few cases where data loaded from potentially untrusted...
@glossgenius/eslint-config (>=1.0.2 <=1.0.7), @halonext/nestjs-express-cassandra (>=7.0.0 <=7.1.0) +7 more potentially affected by CVE-2021-26707 via merge-deep (>=3.0.0 <=3.0.2)
merge-deep NPM version =3.0.0, =1.0.2, =7.0.0, =5.2.0, =6.0.1, =0.0.1, =0.1.0, =0.0.11, =1.0.0, =1.2.4 Source cves: CVE-2021-26707 Source advisory: SNYK:JS-MERGEDEEP-1070277...
Modern Events Calendar Lite < 5.16.5 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin did not sanitise the miccomment field (Notes on time) when adding/editing an event, allowing users with privilege as low as author to add events with a Cross-Site Scripting payload in them, which will be triggered in the frontend when viewing the event. WPScanTeam, January 22nd, 2021...
DEBIAN-CVE-2021-3185
A flaw was found in the gstreamer h264 component of gst-plugins-bad before v1.18.1 where when parsing a h264 header, an attacker could cause the stack to be smashed, memory corruption and possibly code execution...
CVE-2021-26026
PlugIns\IDEACDStd.apl in ACDSee Professional 2021 14.0 1721 has a User Mode Write Access Violation starting at IDEACDStd!JPEGTransW+0x000000000000c7f4 via a crafted BMP image...