4980 matches found
CVE-2022-24838
Nextcloud Calendar is a calendar application for the nextcloud framework. SMTP Command Injection in Appointment Emails via Newlines: as newlines and special characters are not sanitized in the email value in the JSON request, a malicious attacker can inject newlines to break out of the RCPT TO:...
Command injection
Nextcloud Calendar is a calendar application for the nextcloud framework. SMTP Command Injection in Appointment Emails via Newlines: as newlines and special characters are not sanitized in the email value in the JSON request, a malicious attacker can inject newlines to break out of the RCPT TO:...
CVE-2022-24838
The CVE-2022-24838 issue affects Nextcloud Calendar (the calendar app for Nextcloud). The vulnerability arises because newlines and special characters in the email value within the JSON request are not sanitized, allowing an attacker to break out of the SMTP command RCPT TO: and inject arbitrary ...
CVE-2022-24838 Command Injection in Appointment Emails for Nextcloud Calendar
Nextcloud Calendar is a calendar application for the nextcloud framework. SMTP Command Injection in Appointment Emails via Newlines: as newlines and special characters are not sanitized in the email value in the JSON request, a malicious attacker can inject newlines to break out of the RCPT TO:...
Command Injection in Appointment Emails for Calendar
Nextcloud Injection Vulnerability
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. An injection vulnerability exists in Nextcloud Calendar, which stems from SMTP commands being injected into email messages via line breaks...
Nextcloud Calendar -- SMTP Command Injection
reports: SMTP Command Injection in Appointment Emails via Newlines: as newlines and special characters are not sanitized in the email value in the JSON request, a malicious attacker can inject newlines to break out of the RCPT TO: SMTP command and begin injecting arbitrary SMTP commands...
A vulnerability in the NextCloud clipboard synchronization tool allows a hacker to gain access to confidential data.
The vulnerability of the function of the client-side encryption tool for Nextcloud’s desktop synchronization platform relates to the lack of verification of the ownership of the private key of previously uploaded public certificates. Exploiting this vulnerability allows a malicious actor to gain...
openSUSE 15 Security Update : nextcloud (openSUSE-SU-2022:0098-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0098-1 advisory. - Nextcloud server is a self hosted system designed to provide cloud style services. In affected versions the User Status API did not...
OPENSUSE-SU-2022:0098-1 Security update for nextcloud
This update for nextcloud fixes the following issues: nextcloud was updated to 21.0.9: - CVE-2021-41239 CWE-200: user enumeration setting not obeyed in User Status API boo1196905 - CVE-2021-41241 CWE-863: groupfolders advanced permissions is not obeyed for subfolders boo1196908 - CVE-2021-41741...
Security update for nextcloud (moderate)
openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2022:0098-1 Rating: moderate References: 1196905 1196908 1196952 Cross-References: CVE-2021-41239 CVE-2021-41241 CVE-2021-41741 CVSS scores: CVE-2021-41239 NVD : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N...
Nextcloud: Moderator can enable cam/mic remotely if cam/mic-permission was disabled while user has activated cam/mic
Summary: add summary of the vulnerability Steps To Reproduce: 1. Create a Call as User A Moderator 2. Add User B to the call 3. Start the call as User A 4. User B joins the call and enables the camera 5. User A removes all permissions for User B, cam and mic are now disabled 6. User A grants all...
Nextcloud Security Vulnerability
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud. An attacker could trigger a denial of service by generating an image preview to overload Nextcloud...
OPENSUSE-SU-2022:0089-1 Security update for nextcloud
This update for nextcloud fixes the following issues: nextcloud was updated to 21.0.9: - CVE-2021-41239 CWE-200: user enumeration setting not obeyed in User Status API boo1196905 - CVE-2021-41241 CWE-863: groupfolders advanced permissions is not obeyed for subfolders boo1196908 - CVE-2021-41741...
Security update for nextcloud (moderate)
openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2022:0089-1 Rating: moderate References: 1196905 1196908 1196952 Cross-References: CVE-2021-41239 CVE-2021-41241 CVE-2021-41741 CVSS scores: CVE-2021-41239 NVD : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N...
Nextcloud: SMTP Command Injection in iCalendar Attachments to Emails via Newlines
Note: This is similar to 1509216, but has a new source/attack vector. Apologies for not picking this up earlier. Summary: When users receive iCalendar attachments in Mail, there is an option to add it to their calendar: ██████████ Once they add it to calendar, a PUT request is sent: PUT...
Nextcloud Information Disclosure Vulnerability (CNVD-2022-20155)
Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server, which is due to an issue with the Nextcloud Text application, which is provided with Nextcloud Server by...
Nextcloud: SMTP Command Injection in Appointment Emails via Newlines
Summary: Users can create appointment calendars for other users to book slots on their calendar. When booking a slot, the following request is made: POST /apps/calendar/appointment/1/book HTTP/2 Host: 192.168.92.132 "start":1647306900,"end":"1647307200","displayName":"Test...