The vulnerability of the Calendar component in the cloud software for creating and using the Nextcloud Server storage service allows a perpetrator to gain access to confidential information.

The vulnerability of the Calendar component in the cloud software for creating and using the Nextcloud Server storage service is related to improper access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to confidential information...

ROS-20240628-01

A vulnerability in the Notes file of the distraction-free note-taking app for Nextcloud is related to the The ability to share a Notes folder with a new user before they are logged in. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive informatio...

ROS-20240627-06

A vulnerability in the Calendar component of cloud storage creation and utilization software Nextcloud Server is related to improper access control. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information Vulnerability in the 2FA component...

Unspecified Vulnerability in Nextcloud Calendar (CNVD-2024-31492)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Calendar, which can be exploited by an authenticated attacker to create attachments that link to other websites v...

Nextcloud Access Control Error Vulnerability (CNVD-2024-29657)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud suffers from an Access Control Error vulnerability that stems from a lack of access control, which can be exploited by an attacker to register an...

Unspecified Vulnerability in Nextcloud (CNVD-2024-29655)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud Photos suffers from a security vulnerability that stems from the ability for users to delete photos from registered users' albums. No details of the...

Unspecified Vulnerability in Nextcloud (CNVD-2024-29654)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server that stems from the fact that a sharing recipient with read and share permissions could reshare the item...

Nextcloud Server < 25.0.13.7, 26.x < 26.0.13, 27.x < 27.1.8, 28.x < 28.0.4 Improper Access Control Vulnerability (GHSA-xwgx-f37p-xh8c)

Nextcloud Server is prone to an improper access control vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Nextcloud Server < 23.0.12.17, 24.x < 24.0.12.13, 25.x < 25.0.13.8, 26.x < 26.0.13, 27.x < 27.1.8, 28.x < 28.0.4 Improper Access control Vulnerability (GHSA-jjm3-j9xh-5xmq)

Nextcloud Server is prone to an improper access control vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Nextcloud Server < 23.0.12.16, 24.x < 24.0.12.12, 25.x < 25.0.13.16, 26.x < 26.0.12, 27.x < 27.1.7, 28.x < 28.0.3 Improper Access Control Vulnerability (GHSA-5mq8-738w-5942)

Nextcloud Server is prone to an improper access control vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Nextcloud Server < 21.0.9.17, 22.x < 22.2.10.22, 23.x < 23.0.12.17, 24.x < 24.0.12.14, 25.x < 25.0.13.8, 26.x < 26.0.13, 27.x < 27.1.8, 28.x < 28.0.4 Improper Authentication Vulnerability (GHSA-9v72-9xv5-3p7c)

Nextcloud Server is prone to an improper authentication vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Nextcloud Server < 27.1.10, 28.x < 28.0.6, 29.x < 29.0.1 Information Disclosure Vulnerability (GHSA-h4xv-cjpm-j595)

Nextcloud Server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

SUSE CVE-2024-37313

Nextcloud server is a self hosted personal cloud system. Under some circumstance it was possible to bypass the second factor of 2FA after successfully providing the user credentials. It is recommended that the Nextcloud Server is upgraded to 26.0.13, 27.1.8 or 28.0.4 and Nextcloud Enterprise Serv...

SUSE CVE-2024-37315

Nextcloud Server is a self hosted personal cloud system. An attacker with read-only access to a file is able to restore older versions of a document when the filesversions app is enabled. It is recommended that the Nextcloud Server is upgraded to 26.0.12, 27.1.7 or 28.0.3 and that the Nextcloud...

SUSE CVE-2024-37882

Nextcloud Server is a self hosted personal cloud system. A recipient of a share with read&share permissions could reshare the item with more permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4 and that the Nextcloud Enterprise Server is upgraded to...

SUSE CVE-2024-37884

Nextcloud Server is a self hosted personal cloud system. A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 and that the Nextcloud Enterprise...

SUSE CVE-2024-37885

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when starting the client with DYLDINSERTLIBRARIES set in the enviroment. It is recommended that the Nextcloud...

SUSE CVE-2024-37887

Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 o...

OPENSUSE-SU-2024:11087-1 nextcloud-22.1.1-1.2 on GA media

These are all security issues fixed in the nextcloud-22.1.1-1.2 package on the GA media of openSUSE Tumbleweed...

CVE-2024-37887

Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 o...