4993 matches found
CVE-2024-37884
Nextcloud Server is a self hosted personal cloud system. A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 and that the Nextcloud Enterprise...
CVE-2024-37885
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when starting the client with DYLDINSERTLIBRARIES set in the enviroment. It is recommended that the Nextcloud...
CVE-2024-37883
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A user with access to a deck board was able to access comments and attachments of already deleted cards. It is recommended that the Nextcloud Deck app is...
CVE-2024-37886
useroidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick the app into accepting a request that is not signed by the correct server. It is recommended that the Nextcloud useroidc app is upgraded to 1.3.5, 2.0.0, 3.0.0, 4.0.0 or 5.0.0...
CVE-2024-37882
Nextcloud Server is a self hosted personal cloud system. A recipient of a share with read&share permissions could reshare the item with more permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4 and that the Nextcloud Enterprise Server is upgraded to...
CVE-2024-37317
The Nextcloud Notes app is a distraction free notes taking app for Nextcloud. If an attacker managed to share a folder called Notes/ with a newly created user before they logged in, the Notes app would use that folder store the personal notes. It is recommended that the Nextcloud Notes app is...
CVE-2024-37315
Nextcloud Server is a self hosted personal cloud system. An attacker with read-only access to a file is able to restore older versions of a document when the filesversions app is enabled. It is recommended that the Nextcloud Server is upgraded to 26.0.12, 27.1.7 or 28.0.3 and that the Nextcloud...
CVE-2024-37316
Nextcloud Calendar is a calendar app for Nextcloud. Authenticated users could create an event with manipulated attachment data leading to a bad redirect for participants when clicked. It is recommended that the Nextcloud Calendar App is upgraded to 4.6.8 or 4.7.2...
CVE-2024-37885
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when starting the client with DYLDINSERTLIBRARIES set in the enviroment. It is recommended that the Nextcloud...
CVE-2024-37887 Nextcloud Server's events information leaked with shared calendars on recurrence exceptions
Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 o...
CVE-2024-37887 Nextcloud Server's events information leaked with shared calendars on recurrence exceptions
Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 o...
CVE-2024-37887
Vulnerability summary (CVE-2024-37887) Nextcloud Server: private shared calendar events recurrence exceptions can be read by sharees. Affected for general Nextcloud Server and Enterprise Server versions as per advisory. Impact: potential information disclosure of calendar recurrence exceptions. R...
CVE-2024-37887 Nextcloud Server's events information leaked with shared calendars on recurrence exceptions
Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 o...
CVE-2024-37886
CVE-2024-37886 affects Nextcloud’s user_oidc OpenID Connect backend; ID4me does not validate the signature or expiration, enabling an attacker to submit requests not signed by the correct server. Upgrades are recommended to Nextcloud user_oidc versions 1.3.5, 2.0.0, 3.0.0, 4.0.0 or 5.0.0. Support...
CVE-2024-37886 Nextcloud user_oidc's ID4me does not validate signature or expiration
useroidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick the app into accepting a request that is not signed by the correct server. It is recommended that the Nextcloud useroidc app is upgraded to 1.3.5, 2.0.0, 3.0.0, 4.0.0 or 5.0.0...
CVE-2024-37886 Nextcloud user_oidc's ID4me does not validate signature or expiration
useroidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick the app into accepting a request that is not signed by the correct server. It is recommended that the Nextcloud useroidc app is upgraded to 1.3.5, 2.0.0, 3.0.0, 4.0.0 or 5.0.0...
CVE-2024-37886 Nextcloud user_oidc's ID4me does not validate signature or expiration
useroidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick the app into accepting a request that is not signed by the correct server. It is recommended that the Nextcloud useroidc app is upgraded to 1.3.5, 2.0.0, 3.0.0, 4.0.0 or 5.0.0...
CVE-2024-37885 Code injection in Nextcloud Desktop Client for macOS
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when starting the client with DYLDINSERTLIBRARIES set in the enviroment. It is recommended that the Nextcloud...
CVE-2024-37885 Code injection in Nextcloud Desktop Client for macOS
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when starting the client with DYLDINSERTLIBRARIES set in the enviroment. It is recommended that the Nextcloud...
CVE-2024-37885
CVE-2024-37885 concerns the Nextcloud Desktop Client for macOS. A code injection vulnerability allows loading arbitrary code when the client is launched with the environment variable DYLD_INSERT_LIBRARIES set, as reported for versions prior to 3.12.0. The issue stems from how the macOS client han...