1082 matches found
CVE-2024-37315 Nextcloud Server's read-only users can restore old versions
Nextcloud Server is a self-hosted personal cloud system. An attacker with read-only access to a file is able to restore older versions of a document when the files_versions app is enabled. It is recommended that the Nextcloud Server is upgraded to 26.0.12, 27.1.7 or 28.0.3 and that the Nextcloud...
CVE-2024-37315
CVE-2024-37315 affects Nextcloud Server; with files_versions feature enabled, an attacker with read-only access to a file can restore older document versions. Remediation per sources: upgrade Nextcloud Server to 28.0.3 or later (and 26.0.12, 27.1.7 for broader Enterprise coverage; see associated ...
CVE-2024-37314 Nextcloud Photos' shared albums have no restriction on photo removal
Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2...
CVE-2024-37314
CVE-2024-37314 concerns Nextcloud Photos enabling removal of photos from a registered user’s album. The entry notes remediation by upgrading Nextcloud Server to 25.0.7 or 26.0.2 and Nextcloud Enterprise Server to 25.0.7 or 26.0.2. Connected documents show multiple related Nextcloud vulnerabilitie...
CVE-2024-37313 Nextcloud Server allows bypassing the second factor
Nextcloud Server is a self-hosted personal cloud system. Under some circumstances it was possible to bypass the second factor of 2FA after successfully providing the user credentials. It is recommended that the Nextcloud Server is upgraded to 26.0.13, 27.1.8 or 28.0.4 and Nextcloud Enterprise Serv...
ID4me does not validate signature or expiration
Missing permission check when removing a photo from an album
PT-2024-4382 · Nextcloud +2 · Nextcloud Enterprise Server +3
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 26.0.12; Nextcloud Server versions prior to 27.1.7; Nextcloud Server versions prior to 28.0.3; Nextcloud Enterprise Server versions prior to 26.0.12; Nextcloud Enterprise Server versions prior to 27.1.7; Nextclou...
PT-2024-4351 · Nextcloud +2 · Nextcloud Server +3
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 26.0.13, 27.1.8, and 28.0.4; Nextcloud Enterprise Server versions prior to 21.0.9.17, 22.2.10.22, 23.0.12.17, 24.0.12.13, 25.0.13.8, 26.0.13, 27.1.8, and 28.0.4. Description: The issue is related to a flaw in...
PT-2024-4381 · Nextcloud +2 · Nextcloud Server +3
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 26.0.12; Nextcloud Server versions prior to 27.1.7; Nextcloud Server versions prior to 28.0.3; Nextcloud Enterprise Server versions prior to 23.0.12.16; Nextcloud Enterprise Server versions prior to 24.0.12.12...
Nextcloud Security Breach
Nextcloud is an open-source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server in which the second factor of 2FA can be bypassed in some cases by successfully providing use...
PT-2024-4383 · Nextcloud +2 · Nextcloud Enterprise Server +3
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 26.0.13; Nextcloud Server versions prior to 27.1.8; Nextcloud Server versions prior to 28.0.4; Nextcloud Enterprise Server versions prior to 26.0.13; Nextcloud Enterprise Server versions prior to 27.1.8; Nextclou...
PT-2024-4380 · Nextcloud +2 · Nextcloud Server +3
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 27.1.10; Nextcloud Server versions prior to 28.0.6; Nextcloud Server versions prior to 29.0.1; Nextcloud Enterprise Server versions prior to 27.1.10; Nextcloud Enterprise Server versions prior to 28.0.6; Nextclou...
Fedora 38 : nextcloud (2024-d67f9827b2)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-d67f9827b2 advisory. Fix typo and 2 RPM build warnings; update to 28.0.3; fix CVE-2024-22403. Tenable has extracted the preceding description block directly from the Fedora...
A vulnerability in Nextcloud Server, cloud software for creating and using data storage, is related to authentication bypass and allows an attacker to gain unauthorized access to protected information.
A vulnerability in Nextcloud Server, cloud software for creating and using data storage, involves the ability to include or exclude the birthdays of any user on the same server in the calendar. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected...
A vulnerability in Nextcloud Server, cloud software for creating and using data storage, lies in improper input validation during the creation of web pages. It allows attackers to carry out cross-site scripting (XSS) attacks.
A vulnerability in Nextcloud Server, cloud software for creating and using data storage, is related to the ability to copy HTML code without formatting (Ctrl+Shift+V). Exploiting this vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks...
A vulnerability in Nextcloud Server, cloud software for creating and using data storage, is related to improper access control and allows attackers to circumvent existing access restrictions.
A vulnerability in Nextcloud Server, cloud software for creating and using data storage, lies in the ability to update any personal or global external storage, making it inaccessible to everyone else. Exploiting this vulnerability could allow a malicious actor to circumvent existing access control...
A vulnerability in Nextcloud Server, cloud software for creating and using data storage, lies in improper input validation during the creation of web pages. It allows attackers to carry out cross-site scripting (XSS) attacks.
A vulnerability in Nextcloud Server, cloud software for creating and using data storage, involves improper input validation during the creation of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting (XSS) attacks remotely...