[ASA-202103-2] wireshark-qt: arbitrary code execution

Arch Linux Security Advisory ASA-202103-2 ========================================= Severity: Medium Date : 2021-03-13 CVE-ID : CVE-2021-22191 Package : wireshark-qt Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1669 Summary ======= The package wireshark-q...

Nextcloud: Nextcloud Desktop Client RCE via malicious URI schemes

Nextcloud Desktop utilizes QT's QDesktopServices::openUrl to open URLs. This function invokes the OS'/Desktop environment's default application to handling the URI scheme and file extension. During the Nextcloud Add Account flow, the server's login website is opened within a native window/WebView...

Remote code execution

The client in Electronic Arts EA Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://game/launch URL for QtApplication QDesktopServices...

CVE-2019-11354

The client in Electronic Arts EA Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://game/launch URL for QtApplication QDesktopServices...