Nextcloud 路径遍历漏洞

Nextcloud is an open source set of self-hosted file synchronization and sharing communication applications platform from Germany-based Nextcloud. nextcloud has a file traversal vulnerability in versions prior to 20.0.13, 21.0.5, and 22.2.0, which stems from a lack of authentication, access contro...

Nextcloud 信息泄露漏洞

Nextcloud is an open source, self-hosted file synchronization and sharing communications application platform from Nextcloud Germany. nextcloud OfficeOnline applications prior to version 1.1.1 are vulnerable to an information disclosure vulnerability in which the vulnerable application returns...

Nextcloud: When sharing a Deck card in conversation the metaData can be manipulated to open arbitrary URL

Summary: This report is similar to 1337178 In Nextcloud Deck a user can post their decks in to a conversation via nextcloud talk. The link in metaData can be manipulated to point to a another URL. Steps To Reproduce: 0. Setup burpsuite to proxy 1. Go to Nextcloud Deck and pick a board 2. Pick any...

Nextcloud: Read-only users can restore old versions

Read-only users were able to restore old versions of files in Nextcloud...

Nextcloud: Error in Deleting Deck cards attachment reveals the full path of the website

Summary: An error in deck cards when deleting an attachment reveals the full path of the website. DELETE /apps/deck/cards/11/attachment/file:1 HTTP/2 Host: ctulhu.me/nc Sec-Ch-Ua: "Chromium";v="93", " Not;A Brand";v="99" Accept: application/json, text/plain, / Sec-Ch-Ua-Mobile: ?0 User-Agent:...

Updated nextcloud-client packages fix security vulnerability

Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow. CVE-2021-22895 In versions prior to 3.3.0, the Nextcloud Desktop client fails to check if a private key belongs to...

MGASA-2021-0421 Updated nextcloud-client packages fix security vulnerability

Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow. CVE-2021-22895 In versions prior to 3.3.0, the Nextcloud Desktop client fails to check if a private key belongs to...

Debian: Security Advisory (DSA-4974-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of the Nextcloud desktop synchronization tool’s client relates to authentication process errors, which allow attackers to compromise data integrity.

The vulnerability of the Nextcloud desktop synchronization tool’s client lies in the lack of SSL certificate verification when using the “Register with a Provider” protocol. Exploiting this vulnerability allows an attacker to compromise data integrity remotely...

[SECURITY] [DSA 4974-1] nextcloud-desktop security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4974-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 19, 2021 https://www.debian.org/security/faq -...

Debian DSA-4974-1 : nextcloud-desktop - security update

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-4974 advisory. - Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the Register...

DSA-4974-1 nextcloud-desktop - security update

Bulletin has no description...

OPENSUSE-SU-2021:1275-1 Security update for nextcloud

This update for nextcloud fixes the following issues: Update to 20.0.12 Fix boo1190291 - CVE-2021-32766 CWE-209: Generation of Error Message Containing Sensitive Information - CVE-2021-32800 CWE-306: Missing Authentication for Critical Function - CVE-2021-32801 CWE-532: Insertion of Sensitive...

Security update for nextcloud (important)

openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2021:1275-1 Rating: important References: 1190291 Cross-References: CVE-2021-32766 CVE-2021-32800 CVE-2021-32801 CVE-2021-32802 CVSS scores: CVE-2021-32800 NVD : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N...

openSUSE 15 Security Update : nextcloud (openSUSE-SU-2021:1253-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1253-1 advisory. - Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. In affected versions the Nextcloud...

openSUSE 15 Security Update : nextcloud (openSUSE-SU-2021:1255-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1255-1 advisory. - Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. In affected versions the Nextcloud...

openSUSE: Security Advisory for nextcloud (openSUSE-SU-2021:1253-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OPENSUSE-SU-2021:1255-1 Security update for nextcloud

This update for nextcloud fixes the following issues: Update to 20.0.12 Fix boo1190291 - CVE-2021-32766 CWE-209: Generation of Error Message Containing Sensitive Information - CVE-2021-32800 CWE-306: Missing Authentication for Critical Function - CVE-2021-32801 CWE-532: Insertion of Sensitive...

OPENSUSE-SU-2021:1253-1 Security update for nextcloud

This update for nextcloud fixes the following issues: Update to 20.0.12 Fix boo1190291 - CVE-2021-32766 CWE-209: Generation of Error Message Containing Sensitive Information - CVE-2021-32800 CWE-306: Missing Authentication for Critical Function - CVE-2021-32801 CWE-532: Insertion of Sensitive...

OPENSUSE-SU-2021:1252-1 Security update for nextcloud

This update for nextcloud fixes the following issues: Update to 20.0.12 Fixed security issues boo1190291: - CVE-2021-32766 CWE-209: Generation of Error Message Containing Sensitive Information - CVE-2021-32800 CWE-306: Missing Authentication for Critical Function - CVE-2021-32801 CWE-532: Inserti...