4992 matches found
CVE-2023-48308 Calendar app returns full stacktrace when an error happens while editing appointment
Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. It is recommended that the Nextcloud Calendar app is upgraded to 4.5.3...
CVE-2023-48308 Calendar app returns full stacktrace when an error happens while editing appointment
Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. It is recommended that the Nextcloud Calendar app is upgraded to 4.5.3...
CVE-2023-48308
CVE-2023-48308 affects the Nextcloud Calendar app. The authenticated user can trigger an error while editing a calendar appointment that exposes the serverās stacktrace and internal paths. Affected software: Nextcloud Calendar prior to version 4.5.3. Root cause: error handling leaks internal debu...
CVE-2023-48308 Calendar app returns full stacktrace when an error happens while editing appointment
Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. It is recommended that the Nextcloud Calendar app is upgraded to 4.5.3...
Nextcloud Security Breach
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in versions of Nextcloud Calendar prior to 4.5.3, which stems from an attacker being able to access the stack trace and...
Nextcloud Server Multiple Vulnerabilities (GHSA-3f8p-6qww-2prr, GHSA-5j2p-q736-hw98)
Nextcloud Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nextcloud:nextcloudserver"...
Nextcloud: Re-emergence of Security Vulnerability in Nextcloud Version 28 Previously Fixed in 25.0.4
A security vulnerability in Nextcloud version 28 was discovered, which had been previously fixed in version 25.0.4...
Bruteforce protection can be bypassed with misconfigured proxy
None...
Workflows do not require password confirmation on API level
None...
App PIN code can be bypassed in Files iOS
None...
Calendar app returns full stacktrace when an error happens while editing appointment
None...
Nextcloud: Can reshare read&share only folder with more permissions
The vulnerability allowed a user with read-only access to a folder to reshare that folder with additional permissions, such as read and write access. This could potentially allow the user to gain more permissions than they were originally granted...
Nextcloud: see card comments after remove shared board
The vulnerability allowed unauthorized access to card comments after a shared board was removed...
CVE-2023-49782
Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online - Built-in CODE Server app can be vulnerable to attack via proxy.php. The bug was fixed in Collabora Online - Built-in CODE Server richdocumentscode release 23.5.601...
Design/Logic Flaw
Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online - Built-in CODE Server app can be vulnerable to attack via proxy.php. The bug was fixed in Collabora Online - Built-in CODE Server richdocumentscode release 23.5.601...
CVE-2023-49782
CVE-2023-49782 affects Collabora Onlineās built-in CODE server (richdocumentscode) prior to version 23.5.601, exposed via proxy.php. The vulnerability is a cross-site scripting flaw in error message handling that could be triggered by crafted input. Fixed in 23.5.601; upgrade is advised. Some sou...
CVE-2023-49782 Cross-Site-Scripting vulnerability in error message passing in richdocumentscode
Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online - Built-in CODE Server app can be vulnerable to attack via proxy.php. The bug was fixed in Collabora Online - Built-in CODE Server richdocumentscode release 23.5.601...
CVE-2023-49782 Cross-Site-Scripting vulnerability in error message passing in richdocumentscode
Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online - Built-in CODE Server app can be vulnerable to attack via proxy.php. The bug was fixed in Collabora Online - Built-in CODE Server richdocumentscode release 23.5.601...
CVE-2023-48314
Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online - Built-in CODE Server richdocumentscode...
CVE-2023-48314 Unescaped passing of the request URL in Collabora Online
Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online Built-in CODE Server app can be vulnerable to attack via proxy.php. This vulnerability has been fixed in Collabora Online - Built-in CODE Server richdocumentscode...