Nextcloud: Leak arbitrary file under nextcloud android client privacy directory

Steps to reproduce: 1.install and login nextcloud android client 2.create a directory and set it 'shareable' 3.install the poc app "setresultcontactphotocrop" key code: EvilActivity public class EvilActivity extends AppCompatActivity final static String PRIVATEURI =...

[SECURITY] Fedora 34 Update: gnome-online-miners-3.34.0-8.fc34

GNOME Online Miners provides a set of crawlers that go through your online content and index them locally in Tracker. It has miners for Facebook, Flic kr, Google, OneDrive and Nextcloud...

[SECURITY] Fedora 34 Update: gnome-online-accounts-3.39.92-1.fc34

GNOME Online Accounts provides interfaces so that applications and libraries in GNOME can access the user's online accounts. It has providers for Google, Nextcloud, Facebook, Flickr, Foursquare, Microsoft Account, Microsoft Exchange, IMAP/SMTP and Kerberos...

Fedora: Security Advisory for gnome-online-accounts (FEDORA-2021-303f6623fa)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for gnome-online-miners (FEDORA-2021-303f6623fa)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Nextcloud: Create alias does not validate account id

The request to create a new alias does not validate that account id belongs to the current user. Also we don't validate that the account id exists. curl 'http://localhost:50001/index.php/apps/mail/api/accounts/2000/aliases' \ -H 'Connection: keep-alive' \ -H 'Pragma: no-cache' \ -H 'Cache-Control...

Nextcloud Access Control Error Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in versions prior to Nextcloud 20.0.6, which stems from a missing user check inadvertently populating another user's external...

Unspecified Vulnerability in Nextcloud

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in versions of Nextcloud Server prior to 20.0.0 that stems from a recoverable format storage password, even if external storag...

Nextcloud Server Multiple Vulnerabilities (NC-SA-2021-004, NC-SA-2021-005)

Nextcloud Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nextcloud:nextcloudserver"...

Nextcloud Server < 20.0.0 Multiple Vulnerabilities (NC-SA-2020-040, NC-SA-2020-041, NC-SA-2021-006)

Nextcloud Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nextcloud:nextcloudserver"...

Nextcloud Server Cross-Site Scripting Vulnerability (CNVD-2021-14767)

Nextcloud is a set of client-server software for creating file hosting services and using them. A reflected cross-site scripting vulnerability exists in Nextcloud Server versions prior to 20.0.6. The vulnerability stems from a lack of validation in OC.Notification.show. An attacker could exploit...

CVE-2021-22878

Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting XSS due to lack of sanitization in OC.Notification.show...

CVE-2021-22877

A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users external storage configuration when not already configured yet...

CVE-2021-22878

Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting XSS due to lack of sanitization in OC.Notification.show...

CVE-2021-22877

A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users external storage configuration when not already configured yet...

CVE-2020-8296

Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured...

CVE-2020-8296

Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured...

Cross site scripting

Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting XSS due to lack of sanitization in OC.Notification.show...

Code injection

A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users external storage configuration when not already configured yet...

Format string

Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured...