Lucene search
K

137 matches found

Cvelist
Cvelist
added 2024/11/15 5:37 p.m.55 views

CVE-2024-52509 Nextcloud Mail app does not respect download permissions in shares

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as attachments. This allowed users to send them the files to themselves and then downloading it from their mail clients...

3.5CVSS0.00502EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/11/15 5:37 p.m.15 views

CVE-2024-52509 Nextcloud Mail app does not respect download permissions in shares

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as attachments. This allowed users to send them the files to themselves and then downloading it from their mail clients...

3.5CVSS6.8AI score0.00502EPSS
Exploits0References4
CVE
CVE
added 2024/11/15 5:37 p.m.60 views

CVE-2024-52509

Nextcloud Mail vulnerability CVE-2024-52509: the Nextcloud Mail app incorrectly allowed attaching shared files without download permissions as attachments, enabling access to files via mail clients. Root cause: insufficient access control in the mail attachment handling. Affected versions prior t...

5.7CVSS3.8AI score0.00502EPSS
Exploits0References4Affected Software1
Nextcloud
Nextcloud
added 2024/11/15 1:10 p.m.60 views

Mail auto configurator sends account information to `autoconfig.tld` server when no auto-configuration is possible

None...

8.2CVSS5.2AI score0.00698EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/11/15 12:0 a.m.5 views

Nextcloud Mail 访问控制错误漏洞

Nextcloud Mail is an email from Nextcloud Germany. An access control error vulnerability exists in Nextcloud Mail that stems from allowing shared files without download permissions to be attached as attachments...

5.7CVSS6.5AI score0.00502EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/11/15 12:0 a.m.6 views

PT-2024-9168 · Nextcloud +1 · Nextcloud Mail +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Mail versions prior to 1.14.6 Nextcloud Mail versions prior to 1.15.4 Nextcloud Mail versions prior to 2.2.11 Nextcloud Mail versions prior to 3.6.3 Nextcloud Mail versions prior to 3.7.7 Nextcloud Mail versions prior to 4.0.0...

8.2CVSS6.9AI score0.00698EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2024/11/15 12:0 a.m.11 views

PT-2024-9167 · Nextcloud +1 · Nextcloud Mail +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Mail versions prior to 2.2.10 Nextcloud Mail versions prior to 3.6.2 Nextcloud Mail versions prior to 3.7.2 Description: The issue is related to insufficient access control in the Nextcloud mail client, allowing a remote attacker to...

8.2CVSS7.1AI score0.00698EPSS
Exploits0References11
CNNVD
CNNVD
added 2024/11/15 12:0 a.m.7 views

Nextcloud Mail 信息泄露漏洞

Nextcloud Mail is an email from Nextcloud Germany. An information disclosure vulnerability exists in Nextcloud Mail. An attacker who exploits this vulnerability by registering autoconfig.tld will have the email details used sent to the attacker's server...

8.2CVSS6AI score0.00698EPSS
Exploits0References4
NVD
NVD
added 2023/11/21 11:15 p.m.22 views

CVE-2023-48307

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Starting in version 1.13.0 and prior to version 2.2.8 and 3.3.0, an attacker can use an unprotected endpoint in the Mail app to perform a SSRF attack. Nextcloud Mail app versions 2.2.8 and 3.3.0 contain a patch for...

9.8CVSS0.00866EPSS
Exploits0References3
Prion
Prion
added 2023/11/21 11:15 p.m.17 views

Server side request forgery (ssrf)

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Starting in version 1.13.0 and prior to version 2.2.8 and 3.3.0, an attacker can use an unprotected endpoint in the Mail app to perform a SSRF attack. Nextcloud Mail app versions 2.2.8 and 3.3.0 contain a patch for...

7.5CVSS7AI score0.00866EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2023/11/21 10:22 p.m.86 views

CVE-2023-48307

The CVE-2023-48307 entry describes a Server-Side Request Forgery (SSRF) flaw in the Nextcloud Mail app. Affected are Nextcloud Mail versions starting from 1.13.0 up to, but not including, 2.2.8 and up to, but not including, 3.3.0. An attacker can abuse an unprotected endpoint in the Mail app to p...

9.8CVSS6.5AI score0.00866EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/11/21 10:22 p.m.19 views

CVE-2023-48307 Nextcloud Mail app vulnerable to Server-Side Request Forgery

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Starting in version 1.13.0 and prior to version 2.2.8 and 3.3.0, an attacker can use an unprotected endpoint in the Mail app to perform a SSRF attack. Nextcloud Mail app versions 2.2.8 and 3.3.0 contain a patch for...

3.5CVSS9.2AI score0.00866EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/11/21 12:0 a.m.8 views

PT-2023-30769 · Nextcloud · Nextcloud Mail

Name of the Vulnerable Software and Affected Versions: Nextcloud Mail versions 1.13.0 through 2.2.7 Nextcloud Mail versions 2.2.8 is not affected, but versions prior to 3.3.0 are affected, so the correct range is: Nextcloud Mail versions 1.13.0 through 3.2.x Description: Nextcloud Mail is the mai...

9.8CVSS9.4AI score0.00866EPSS
Exploits0References7
CNNVD
CNNVD
added 2023/11/21 12:0 a.m.5 views

Nextcloud Code Issues Vulnerabilities

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A code issue vulnerability exists in Nextcloud Mail versions prior to 2.2.8 and prior to 3.3.0, which can be exploited by an attacker to perform a...

9.8CVSS7AI score0.00866EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/10/18 1:2 a.m.5 views

SUSE CVE-2023-45660

Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial of service a third server. It is recommended that the Nextcloud Mail is upgraded to 2.2.8 or 3.3.0...

4.3CVSS6.7AI score0.00601EPSS
Exploits0References3
NVD
NVD
added 2023/10/16 7:15 p.m.48 views

CVE-2023-45660

Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial of service a third server. It is recommended that the Nextcloud Mail is upgraded to 2.2.8 or 3.3.0...

4.3CVSS4.5AI score0.00601EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/10/16 6:32 p.m.33 views

CVE-2023-45660 Require strict cookies for image proxy requests in Nextcloud Mail

Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial of service a third server. It is recommended that the Nextcloud Mail is upgraded to 2.2.8 or 3.3.0...

4.3CVSS4.9AI score0.00601EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/10/16 6:32 p.m.19 views

CVE-2023-45660 Require strict cookies for image proxy requests in Nextcloud Mail

Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial of service a third server. It is recommended that the Nextcloud Mail is upgraded to 2.2.8 or 3.3.0...

4.3CVSS6.7AI score0.00601EPSS
Exploits0References3
CVE
CVE
added 2023/10/16 6:32 p.m.71 views

CVE-2023-45660

CVE-2023-45660 affects Nextcloud Mail. The vulnerability arises from a missing check of origin, target and cookies in the image proxy/endpoint, enabling an attacker to abuse the proxy and cause a denial of service to a third server. Affected versions are Nextcloud Mail prior to 2.2.8 and prior to...

4.3CVSS4.5AI score0.00601EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/10/16 6:32 p.m.22 views

CVE-2023-45660 Require strict cookies for image proxy requests in Nextcloud Mail

Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial of service a third server. It is recommended that the Nextcloud Mail is upgraded to 2.2.8 or 3.3.0...

4.3CVSS4.6AI score0.00601EPSS
Exploits0References5
Rows per page
Query Builder