CVE-2023-35927 Nextcloud system addressbooks can be modified by malicious trusted server

NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until...

System addressbooks can be modified by malicious trusted server

None...

agentopia (>=0.1.0 <=0.1.5), alaya-py (>=0.15.0.0 <=0.15.0.1) +219 more potentially affected by CVE-2022-37454 via pysha3 (>=0.3.0 <=1.0.2)

pysha3 PYPI version =0.3.0, =0.1.0, =0.15.0.0, =0.4.0a1, =0.1.0, =0.1.22, =0.4.0, =0.4.0a0, =0.1.0a0, =0.4.0a1, =0.1.0, =0.4.0, =0.4.0, =0.4.0, =0.5.2 - ape-frame =0.5.0a0 and more Source cves: CVE-2022-37454 Source advisory: OSV:GHSA-6W4M-2XHG-2658...

SUSE CVE-2017-0895

Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been disclosed...

CVE-2021-31583

Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform version NGCP CE 3.0 has multiple authenticated stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user: Stored XSS in...

PT-2021-19431 · Sipwise · Sipwise C5 Ngcp Www Admin

Name of the Vulnerable Software and Affected Versions: Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform version NGCP CE 3.0 Description: The issue concerns multiple authenticated stored and reflected XSS vulnerabilities. These occur when input passed via several parameters to...

EulerOS 2.0 SP2 : evolution-data-server (EulerOS-SA-2021-1293)

According to the versions of the evolution-data-server packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - evolution-data-server eds through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a 'begin...

openSUSE Security Update : MozillaThunderbird (openSUSE-2020-2133)

This update for MozillaThunderbird fixes the following issues : - Mozilla Thunderbird 78.4.2 MFSA 2020-49 bsc1178611 - CVE-2020-26950 bmo1675905 Write side effects in MCallGetProperty opcode not accounted for - Mozilla Thunderbird 78.4.1 - new: Thunderbird prompts for an address to use when...

Tine Addressbook Cross-Site Scripting Vulnerability

Tine is a set of open source component solutions. The solution provides e-mail, address book and calendar features. addressbook is one of the address book components. A cross-site scripting vulnerability exists in Addressbook in Tine version 2.0 2017.02.4. A remote attacker could exploit the...

CVE-2017-1000164

Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook resulting code execution and privilege escalation...

Privilege escalation

Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook resulting code execution and privilege escalation...

CVE-2017-1000164

Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook resulting code execution and privilege escalation...

CVE-2017-1000164

Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook resulting code execution and privilege escalation...

Nextcloud 'Calender and Addressbook' Information Disclosure Vulnerability - Linux

Nextcloud is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2017-0895

Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been disclosed...

Design/Logic Flaw

Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been disclosed...

CVE-2017-0895

Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been disclosed...

CVE-2017-0895

Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been disclosed...

CVE-2017-0895

The CVE-2017-0895 vulnerability affects Nextcloud Server before 10.0.4 and 11.0.2, where a logical error allows disclosure of calendar and addressbook names to other logged‑in users. No calendar/addressbook content is exposed. Affected versions are fixed in the NC-SA-2017-012 advisory, with Nextc...

Calendar and addressbook names disclosed (NC-SA-2017-012)

A logical error caused disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and adressbook has been disclosed...