1082 matches found

Redos
added 2024/11/13 12:0 a.m. · 17 views

ROS-20241112-11

A vulnerability in the index.php component of Enterprise Server, a cloud-based software package for creating and using Nextcloud Server data storage, is related to an access control flaw. Exploitation of the vulnerability could allow an attacker acting remotely to modify or delete VCards in the...

CVSS 8.1 · AI score 6.8 · EPSS 0.00805
Exploits 1
Positive Technologies
added 2024/10/31 12:0 a.m. · 1 views

PT-2024-9160 · Nextcloud +2 · Nextcloud Enterprise Server +3

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.12 Nextcloud Server versions prior to 29.0.9 Nextcloud Server versions prior to 30.0.2 Nextcloud Enterprise Server versions prior to 25.0.13.14 Nextcloud Enterprise Server versions prior to 26.0.13.10...

CVSS 9.8 · AI score 5.7 · EPSS 0.01041
Exploits 6 · References 93
Positive Technologies
added 2024/09/26 12:0 a.m. · 6 views

PT-2024-9159 · Nextcloud +2 · Nextcloud Enterprise Server +3

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.11 Nextcloud Server versions prior to 29.0.8 Nextcloud Server versions prior to 30.0.1 Nextcloud Enterprise Server versions prior to 25.0.13.13 Nextcloud Enterprise Server versions prior to 26.0.13.9...

CVSS 9.8 · AI score 5.5 · EPSS 0.01041
Exploits 6 · References 96
Positive Technologies
added 2024/09/05 12:0 a.m. · 3 views

PT-2024-9166 · Nextcloud +2 · Nextcloud Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.10 Nextcloud Server versions prior to 29.0.7 Nextcloud Server versions prior to 30.0.0 Description: The issue is related to the use of a reversible one-way hash function in Nextcloud Server, which...

CVSS 9.8 · AI score 5.5 · EPSS 0.01041
Exploits 6 · References 94
Positive Technologies
added 2024/09/02 12:0 a.m. · 5 views

PT-2024-9158 · Nextcloud +1 · Nextcloud Enterprise Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.10 and prior to 29.0.7 Nextcloud Enterprise Server versions prior to 27.1.11.8, prior to 28.0.10, and prior to 29.0.7 Description: The issue is related to the insecure storage of confidential informatio...

CVSS 8.2 · AI score 6.8 · EPSS 0.00491
Exploits 0 · References 11
Positive Technologies
added 2024/08/12 12:0 a.m. · 5 views

PT-2024-9165 · Nextcloud +2 · Nextcloud Enterprise Server +3

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 22.2.11 Nextcloud Server versions prior to 23.0.11 Nextcloud Server versions prior to 24.0.6 Nextcloud Enterprise Server versions prior to 22.2.11 Nextcloud Enterprise Server versions prior to 23.0.11...

CVSS 9.8 · AI score 5.6 · EPSS 0.01041
Exploits 6 · References 93
BDU FSTEC
added 2024/06/28 12:0 a.m. · 5 views

The vulnerability of the files_versions() function in cloud-based software for creating and using Nextcloud Server allows a hacker to restore older versions of documents.

The vulnerability of the files_versions function in cloud-based software for creating and using Nextcloud Server storage involves the ability to restore older versions of documents, if the files_versions function is enabled. Exploiting this vulnerability could allow a malicious actor to restore old...

CVSS 4 · AI score 5.4 · EPSS 0.00431
Exploits 0 · References 4 · Affected Software 2
BDU FSTEC
added 2024/06/28 12:0 a.m. · 5 views

The vulnerability of cloud software in creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the authentication procedures’ flaws, which allow attackers to bypass the authentication process.

The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to bypass the 2FA authentication process...

CVSS 7.5 · AI score 7.2 · EPSS 0.00402
Exploits 0 · References 5 · Affected Software 3
BDU FSTEC
added 2024/06/28 12:0 a.m. · 5 views

The vulnerability of the Delete component in the cloud software for creating and using Nextcloud Server’s data storage allows an attacker to cause a service failure.

The vulnerability of the “Delete” component in the cloud software for creating and using data storage for Nextcloud Server is related to lack of access control. Exploiting this vulnerability could allow an attacker to cause service interruptions...

CVSS 4 · AI score 5.9 · EPSS 0.00371
Exploits 0 · References 4 · Affected Software 2
BDU FSTEC
added 2024/06/28 12:0 a.m. · 4 views

The vulnerability of cloud software for creating and using Nextcloud Server’s data storage solution allows a hacker to bypass the authentication process.

The vulnerability of cloud-based software for creating and using Nextcloud Server lies in accessing an active session of another user, by sending calls directly to the API without requiring a password confirmation. Exploiting this vulnerability allows a malicious actor to bypass the authenticatio...

CVSS 5.5 · AI score 5.8 · EPSS 0.00608
Exploits 0 · References 4 · Affected Software 2
OpenVAS
added 2024/06/19 12:0 a.m. · 22 views

Nextcloud Server < 25.0.13.7, 26.x < 26.0.13, 27.x < 27.1.8, 28.x < 28.0.4 Improper Access Control Vulnerability (GHSA-xwgx-f37p-xh8c)

Nextcloud Server is prone to an improper access control vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 5.4 · AI score 5 · EPSS 0.00371
Exploits 0 · References 1
OpenVAS
added 2024/06/19 12:0 a.m. · 32 views

Nextcloud Server < 23.0.12.17, 24.x < 24.0.12.13, 25.x < 25.0.13.8, 26.x < 26.0.13, 27.x < 27.1.8, 28.x < 28.0.4 Improper Access control Vulnerability (GHSA-jjm3-j9xh-5xmq)

Nextcloud Server is prone to an improper access control vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 8.1 · AI score 8.1 · EPSS 0.00538
Exploits 0 · References 1
OpenVAS
added 2024/06/18 12:0 a.m. · 19 views

Nextcloud Server < 23.0.12.16, 24.x < 24.0.12.12, 25.x < 25.0.13.16, 26.x < 26.0.12, 27.x < 27.1.7, 28.x < 28.0.3 Improper Access Control Vulnerability (GHSA-5mq8-738w-5942)

Nextcloud Server is prone to an improper access control vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 4.3 · AI score 4.8 · EPSS 0.00431
Exploits 0 · References 1
OpenVAS
added 2024/06/18 12:0 a.m. · 21 views

Nextcloud Server < 21.0.9.17, 22.x < 22.2.10.22, 23.x < 23.0.12.17, 24.x < 24.0.12.14, 25.x < 25.0.13.8, 26.x < 26.0.13, 27.x < 27.1.8, 28.x < 28.0.4 Improper Authentication Vulnerability (GHSA-9v72-9xv5-3p7c)

Nextcloud Server is prone to an improper authentication vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 7.5 · AI score 7.3 · EPSS 0.00402
Exploits 0 · References 1
SUSE CVE
added 2024/06/15 2:12 a.m. · 3 views

SUSE CVE-2024-37313

Nextcloud server is a self hosted personal cloud system. Under some circumstance it was possible to bypass the second factor of 2FA after successfully providing the user credentials. It is recommended that the Nextcloud Server is upgraded to 26.0.13, 27.1.8 or 28.0.4 and Nextcloud Enterprise Serv...

CVSS 7.5 · AI score 6.9 · EPSS 0.00402
Exploits 0 · References 3
SUSE CVE
added 2024/06/15 2:12 a.m. · 1 views

SUSE CVE-2024-37315

Nextcloud Server is a self hosted personal cloud system. An attacker with read-only access to a file is able to restore older versions of a document when the files_versions app is enabled. It is recommended that the Nextcloud Server is upgraded to 26.0.12, 27.1.7 or 28.0.3 and that the Nextcloud...

CVSS 4.3 · AI score 6.8 · EPSS 0.00431
Exploits 0 · References 3
SUSE CVE
added 2024/06/15 2:12 a.m. · 3 views

SUSE CVE-2024-37882

Nextcloud Server is a self hosted personal cloud system. A recipient of a share with read&share permissions could reshare the item with more permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4 and that the Nextcloud Enterprise Server is upgraded to...

CVSS 8.1 · AI score 6.8 · EPSS 0.00538
Exploits 0 · References 3
UbuntuCve
added 2024/06/14 4:15 p.m. · 19 views

CVE-2024-37885

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment. It is recommended that the Nextcloud...

CVSS 7.8 · AI score 7.2 · EPSS 0.0032
Exploits 0 · References 4
Vulnrichment
added 2024/06/14 3:28 p.m. · 24 views

CVE-2024-37882 Nextcloud Server can reshare read&share only folder with more permissions

Nextcloud Server is a self hosted personal cloud system. A recipient of a share with read&share permissions could reshare the item with more permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4 and that the Nextcloud Enterprise Server is upgraded to...

CVSS 8.1 · AI score 6.9 · EPSS 0.00538
Exploits 0 · References 3
CVE
added 2024/06/14 3:28 p.m. · 81 views

CVE-2024-37882

CVE-2024-37882 affects Nextcloud Server (and Enterprise Server per advisory) where a recipient of a share with read&share permissions could reshare the item with higher permissions. The NVD entry lists higher impact on confidentiality and integrity (C/H, I/H) but no availability impact, with net...

CVSS 8.1 · AI score 8 · EPSS 0.00538
Exploits 0 · References 3 · Affected Software 1