CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2024/06/14 3:36 p.m.•25 views

CVE-2024-37884 Nextcloud Server's users can delete old versions of read-only shared files

Nextcloud Server is a self hosted personal cloud system. A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 and that the Nextcloud Enterprise...

3.5CVSS0.00371EPSS

CVE•added 2024/06/14 3:36 p.m.•74 views

CVE-2024-37884

CVE-2024-37884 concerns Nextcloud Server where a malicious user could send delete requests for old file versions that were shared with read permissions. The initial description specifies upgraded paths: Nextcloud Server should be updated to 26.0.12 or 27.1.7 or 28.0.3, and Nextcloud Enterprise Se...

5.4CVSS4.5AI score0.00371EPSS

Vulnrichment•added 2024/06/14 3:36 p.m.•16 views

CVE-2024-37884 Nextcloud Server's users can delete old versions of read-only shared files

3.5CVSS6.7AI score0.00371EPSS

OSV•added 2024/06/14 3:36 p.m.•14 views

CVE-2024-37884 Nextcloud Server's users can delete old versions of read-only shared files

3.5CVSS5.2AI score0.00371EPSS

CVE•added 2024/06/14 3:33 p.m.•57 views

CVE-2024-37883

CVE-2024-37883 affects Nextcloud Deck (kanban tool integrated with Nextcloud). A user with access to a deck board could access comments and attachments of cards that were already deleted, indicating a disclosure issue due to Deck’s handling of deleted items. Affected versions are prior to upgrade...

4.3CVSS4.5AI score0.00381EPSS

Cvelist•added 2024/06/14 3:33 p.m.•25 views

CVE-2024-37883 Nextcloud Deck can access comments and attachments of deleted cards

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A user with access to a deck board was able to access comments and attachments of already deleted cards. It is recommended that the Nextcloud Deck app is...

4.3CVSS0.00381EPSS

Vulnrichment•added 2024/06/14 3:33 p.m.•21 views

CVE-2024-37883 Nextcloud Deck can access comments and attachments of deleted cards

4.3CVSS6.9AI score0.00381EPSS

OSV•added 2024/06/14 3:33 p.m.•11 views

CVE-2024-37883 Nextcloud Deck can access comments and attachments of deleted cards

4.3CVSS4.9AI score0.00381EPSS

Vulnrichment•added 2024/06/14 3:28 p.m.•24 views

CVE-2024-37882 Nextcloud Server can reshare read&share only folder with more permissions

Nextcloud Server is a self hosted personal cloud system. A recipient of a share with read&share permissions could reshare the item with more permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4 and that the Nextcloud Enterprise Server is upgraded to...

8.1CVSS6.9AI score0.00538EPSS

OSV•added 2024/06/14 3:28 p.m.•16 views

CVE-2024-37882 Nextcloud Server can reshare read&share only folder with more permissions

8.1CVSS7.7AI score0.00538EPSS

Cvelist•added 2024/06/14 3:28 p.m.•23 views

CVE-2024-37882 Nextcloud Server can reshare read&share only folder with more permissions

8.1CVSS0.00538EPSS

CVE•added 2024/06/14 3:28 p.m.•82 views

CVE-2024-37882

CVE-2024-37882 affects Nextcloud Server (and Enterprise Server per advisory) where a recipient of a share with read&share permissions could reshared the item with higher permissions. The NVD entry lists higher impact on confidentiality and integrity (C/H, I/H) but no availability impact, with net...

8.1CVSS8AI score0.00538EPSS

Cvelist•added 2024/06/14 3:25 p.m.•22 views

CVE-2024-37317 Nextcloud Notes app can be tricked into using a received share created before the user logged in

The Nextcloud Notes app is a distraction free notes taking app for Nextcloud. If an attacker managed to share a folder called Notes/ with a newly created user before they logged in, the Notes app would use that folder store the personal notes. It is recommended that the Nextcloud Notes app is...

4.6CVSS0.00312EPSS

Vulnrichment•added 2024/06/14 3:25 p.m.•22 views

CVE-2024-37317 Nextcloud Notes app can be tricked into using a received share created before the user logged in

4.6CVSS7.1AI score0.00312EPSS

CVE•added 2024/06/14 3:25 p.m.•66 views

CVE-2024-37317

The CVE-2024-37317 issue affects Nextcloud Notes: if an attacker shares a folder named Notes/ with a newly created user before login, the Notes app may store personal notes in that folder. This is tied to versions prior to 4.9.3. Exploitation status is not detailed in the provided documents. Reme...

4.6CVSS4.6AI score0.00312EPSS

OSV•added 2024/06/14 3:25 p.m.•14 views

CVE-2024-37317 Nextcloud Notes app can be tricked into using a received share created before the user logged in

4.6CVSS4.8AI score0.00312EPSS

Cvelist•added 2024/06/14 3:23 p.m.•29 views

CVE-2024-37316 Nextcloud Calendar's event create can create attachments that link to other websites

Nextcloud Calendar is a calendar app for Nextcloud. Authenticated users could create an event with manipulated attachment data leading to a bad redirect for participants when clicked. It is recommended that the Nextcloud Calendar App is upgraded to 4.6.8 or 4.7.2...

4.6CVSS0.00362EPSS

CVE•added 2024/06/14 3:23 p.m.•65 views

CVE-2024-37316

CVE-2024-37316 affects Nextcloud Calendar. Authenticated users can create events with manipulated attachment data, causing a bad redirect for participants when clicked. Affected component: Nextcloud Calendar app. Root cause: improper handling of attachment data during event creation leading to re...

4.6CVSS4.6AI score0.00362EPSS