CVE-2021-44537: Missing URL validation allowed RCE on the desktop client - ownCloud

ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution.

  • Risk: low

  • CVSS v3 Base Score: 4.1

  • CVSS v3 Vector: AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L

  • CWE ID: CWE-99

  • CWE Name: Improper Control of Resource Identifiers (‘Resource Injection’)

  • CVE: CVE-2021-44537

Description

A malicious server could achieve remote code execution on the desktop client because of missing validation of URLs. Exploitation required user interaction.

Affected

  • owncloud/client < 2.9.2

Action taken

Validate the URLs
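
The advisory does not show the fix, so the following is an added example (not ownCloud's code) of validating a server-supplied URL before a desktop client hands it to the operating system's URL opener. The allow-listed schemes, the same-host rule, the function name `validate_server_url` and the sample URLs are assumptions of this example.

```python
from urllib.parse import urlsplit

# Assumed policy for this example: only web schemes may reach the OS URL opener.
ALLOWED_SCHEMES = {"https", "http"}


def validate_server_url(raw, account_url):
    """Return (ok, reason) for a URL received from the server.

    account_url is the server URL the user configured. Requiring the link to
    stay on that host is an assumption of this example, not a statement of
    what the real fix does.
    """
    if not isinstance(raw, str) or not raw or len(raw) > 2048:
        return False, "empty or oversized"
    # Check the raw string: the parser may silently strip some of these characters.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in raw):
        return False, "control or whitespace character"
    try:
        url = urlsplit(raw)
        account = urlsplit(account_url)
        _ = url.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "unparseable"
    if url.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if not url.hostname:
        return False, "no host"
    if url.username is not None or url.password is not None:
        return False, "embedded credentials"
    if url.hostname != account.hostname:
        return False, "host differs from account server"
    # Never downgrade: an https account must not be sent to an http link.
    if account.scheme == "https" and url.scheme != "https":
        return False, "scheme downgrade"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample values, not taken from the advisory.
    account = "https://cloud.example.com/"
    for candidate in ("https://cloud.example.com/f/42",
                      "file:///tmp/example",
                      "http://cloud.example.com/f/42"):
        print(candidate, "->", validate_server_url(candidate, account))
```

The caller opens the URL only when the first element of the result is true and logs the reason otherwise, so a rejected link is visible in the client log instead of being dropped silently.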
