Nextcloud: Invisible Salamanders Attack against end_to_end_encryption in Nextcloud

Vulnerability description not provided...

[SECURITY] Fedora 38 Update: nextcloud-28.0.4-2.fc38

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

Fedora 38 : nextcloud (2024-d67f9827b2)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-d67f9827b2 advisory. Fix typo and 2 RPM build warnings ---- - update to 28.0.3 - fix CVE-2024-22403 Tenable has extracted the preceding description block directly from the Fedora...

Nextcloud: Incomplete sanitization in SVG preview provider

The SVG preview provider in Nextcloud suffered from incomplete sanitization, allowing potential exploitation...

Nextcloud: Events information leaked with shared calendars on recurrence exceptions

Events information leaked with shared calendars on recurrence exceptions...

Nextcloud: Event create can create attachments that link to other websites

The vulnerability allowed the creation of attachments that could link to other websites during the event creation process...

Nextcloud: User can copy locked folders and gain access to the contents

A vulnerability in Nextcloud allowed users to copy locked folders and access their contents...

Nextcloud: Weak ssh algorithms and CVE-2023-48795 Discovered on various subdomains of nextcloud.com

Security researchers discovered a vulnerability in the Secure Shell SSH cryptographic network protocol, known as Terrapin CVE-2023-48795. This vulnerability could have allowed an attacker to downgrade the security of the secure channel. Weak SSH algorithms were also identified on various subdomai...

The vulnerability of cloud software for creating and using Nextcloud Server’s data storage system, related to bypassing authentication, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of cloud-based software for creating and using Nextcloud Server storage involves the ability to include or exclude birthdays of any user on the same server in the calendar. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected...

The vulnerability of cloud software for creating and using Nextcloud Server’s data storage solution is related to improper access control, allowing attackers to circumvent existing access restrictions policies.

The vulnerability of cloud-based software for creating and using Nextcloud Server storage involves changes made by administrators to the authentication settings of external storage configured by users. Exploiting this vulnerability allows a malicious actor to circumvent existing access control...

The vulnerability of cloud-based software for creating and using Nextcloud Server’s data storage system lies in improper input validation during the creation of web pages. This allows attackers to execute cross-site scripting (XSS) attacks.

The vulnerability of cloud-based software for creating and using Nextcloud Server storage involves improper input validation during the creation of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS remotely...

The vulnerability of cloud-based software for creating and using Nextcloud Server’s data storage system lies in improper input validation during the creation of web pages. This allows attackers to execute cross-site scripting (XSS) attacks.

The vulnerability of cloud-based software for creating and using Nextcloud Server storage solutions is related to the ability to copy HTML code without formatting Ctrl+Shift+V. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks XSS...

The vulnerability of cloud software for creating and using Nextcloud Server’s data storage solution is related to improper access control, allowing attackers to circumvent existing access restrictions.

The vulnerability of cloud-based software for creating and using Nextcloud Server lies in the ability to update any personal or global external storage, making it inaccessible to everyone else. Exploiting this vulnerability could allow a malicious actor to circumvent existing access control...

ROS-20240402-12

A vulnerability in Nextcloud cloud storage creation and utilization software Server is related to the ability to update any personal or global external storage, making it inaccessible to everyone else. Exploitation of the vulnerability could allow an attacker, acting remotely, to bypass existing...

Nextcloud: Ability to by-pass second factor

The advisory described a vulnerability that allowed bypassing the second factor authentication in Nextcloud. The vulnerability was addressed in a security update...

openSUSE: Security Advisory for nextcloud (openSUSE-SU-2023:0090-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for nextcloud (openSUSE-SU-2023:0171-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for nextcloud (openSUSE-SU-2023:0083-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Nextcloud: Easy way to create a new Deck board without permission

A vulnerability was discovered that allowed users to create new boards without permission. The vulnerability involved cloning an existing board and renaming it, bypassing the restrictions set by the admin to limit board creation to specific groups...

Nextcloud: Can download files on Android app without permission

A vulnerability was discovered in the Android app where users could download files shared with them, even if the owner had disabled the download option. The vulnerability affected various file types, including PDF, document, image, and presentation files. The vulnerability allowed users to access...