PT-2024-9167 · Nextcloud +1 · Nextcloud Mail +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Mail versions prior to 2.2.10 Nextcloud Mail versions prior to 3.6.2 Nextcloud Mail versions prior to 3.7.2 Description: The issue is related to insufficient access control in the Nextcloud mail client, allowing a remote attacker to...

Nextcloud 信息泄露漏洞

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud suffers from an information disclosure vulnerability that stems from the fact that after storing "global credentials" on the server, the API returns...

Fedora 41 : nextcloud (2024-19e63ed69e)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-19e63ed69e advisory. 29.0.6 release RHBZ2305125 RHBZ2309499 fixes CVE-2024-39338 Tenable has extracted the preceding description block directly from the Fedora security advisory...

Fedora 37 : nextcloud (2022-98c1d712b5)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-98c1d712b5 advisory. Security fix for CVE-2022-39346 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

ROS-20241112-11

A vulnerability in the index.php component of Enterprise Server, a cloud-based software package for creating and using Nextcloud Server data storage is related to an access control flaw. Exploitation of the vulnerability could allow an attacker acting remotely to modify or delete VCards in the...

PT-2024-9160 · Nextcloud +2 · Nextcloud Enterprise Server +3

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.12 Nextcloud Server versions prior to 29.0.9 Nextcloud Server versions prior to 30.0.2 Nextcloud Enterprise Server versions prior to 25.0.13.14 Nextcloud Enterprise Server versions prior to 26.0.13.10...

Nextcloud: Exposing debug.log file leads to server full path disclosure

The debug.log file on the nextcloud.com website was publicly accessible and contained sensitive information, including the server's full directory path. This type of information disclosure could have assisted attackers in understanding the internal structure of the server...

PT-2024-9159 · Nextcloud +2 · Nextcloud Enterprise Server +3

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.11 Nextcloud Server versions prior to 29.0.8 Nextcloud Server versions prior to 30.0.1 Nextcloud Enterprise Server versions prior to 25.0.13.13 Nextcloud Enterprise Server versions prior to 26.0.13.9...

SUSE CVE-2024-46958

In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files between the server and client may become world writable or world readable. This is fixed in 3.13.4...

Nextcloud: Open redirect when logging in with user_oidc

An open redirect vulnerability was discovered in Nextcloud's useroidc app. This vulnerability allowed an attacker to redirect users to a malicious website during the login process...

DEBIAN-CVE-2024-46958

In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files between the server and client may become world writable or world readable. This is fixed in 3.13.4...

CVE-2024-46958

In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files between the server and client may become world writable or world readable. This is fixed in 3.13.4...

CVE-2024-46958

In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files between the server and client may become world writable or world readable. This is fixed in 3.13.4...

UBUNTU-CVE-2024-46958

In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files between the server and client may become world writable or world readable. This is fixed in 3.13.4...

CVE-2024-46958

The CVE applies to Nextcloud Desktop Client for Linux, versions 3.13.1–3.13.3, where the synchronization process may cause files being synchronized between server and client to become world-writable or world-readable. The issue is fixed in version 3.13.4. CVSS metrics in the provided documents sh...

CVE-2024-46958

In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files between the server and client may become world writable or world readable. This is fixed in 3.13.4...

Nextcloud Desktop Client 安全漏洞

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany.Nextcloud Desktop Client is a desktop client application for Nextcloud. A security vulnerability exists in Nextcloud Desktop Client versions 3.13.1 through...

CVE-2024-46958

In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files between the server and client may become world writable or world readable. This is fixed in 3.13.4...

CVE-2024-46958

In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files between the server and client may become world writable or world readable. This is fixed in 3.13.4...

[SECURITY] Fedora 41 Update: nextcloud-29.0.6-1.fc41

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...