SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:0468-1)

This update for webkit2gtk3 to version 2.26.4 fixes the following issues : Security issues fixed : CVE-2019-8835: Fixed multiple memory corruption issues bsc1161719. CVE-2019-8844: Fixed multiple memory corruption issues bsc1161719. CVE-2019-8846: Fixed a use-after-free issue bsc1161719...

SUSE-SU-2020:0468-1 Security update for webkit2gtk3

This update for webkit2gtk3 to version 2.26.4 fixes the following issues: Security issues fixed: - CVE-2019-8835: Fixed multiple memory corruption issues bsc1161719. - CVE-2019-8844: Fixed multiple memory corruption issues bsc1161719. - CVE-2019-8846: Fixed a use-after-free issue bsc1161719. -...

Updated nextcloud packages fix security vulnerability

Updated nextcloud packages fix security vulnerability: A bug in Nextcloud Server causes the workflow rules to depend their behavior on the file extension when checking file mimetypes CVE-2019-15613. The nextcloud package has been updated to version 15.0.14, fixing this issue and other bugs...

MGASA-2020-0099 Updated nextcloud packages fix security vulnerability

Updated nextcloud packages fix security vulnerability: A bug in Nextcloud Server causes the workflow rules to depend their behavior on the file extension when checking file mimetypes CVE-2019-15613. The nextcloud package has been updated to version 15.0.14, fixing this issue and other bugs...

Nextcloud: Mail does not verify IMAP/SMTP host connected via TLS

The Mail app should verify that the servers it connects to are listed in the certificate's CN. Otherwise the connection should be aborted. Originally reported at https://github.com/nextcloud/mail/issues/308 Impact The app could be forced into connecting to an insecure server...

openSUSE Security Update : nextcloud (openSUSE-2020-220)

This update for nextcloud fixes the following issues : Nextcloud was updated to 15.0.14 : - NC-SA-2020-002, CVE-2019-15613: workflow rules to depend their behaviour on the file extension when checking file mimetypes boo1162766 - NC-SA-2019-016, CVE-2019-15623: Exposure of Private Information caus...

OPENSUSE-SU-2020:0229-1 Security update for nextcloud

This update for nextcloud fixes the following issues: Nextcloud was updated to 15.0.14: - NC-SA-2020-002, CVE-2019-15613: workflow rules to depend their behaviour on the file extension when checking file mimetypes boo1162766 - NC-SA-2019-016, CVE-2019-15623: Exposure of Private Information caused...

Nextcloud Circles Authorization Issues Vulnerabilities

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An authorization issue vulnerability exists in Nextcloud Circles. The vulnerability stems from a lack of authentication measures or insufficient authenticatio...

Nextcloud Server Authorization Issues Vulnerability (CNVD-2020-12759)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An authorization issue vulnerability exists in Nextcloud Server. The vulnerability stems from a lack of authentication measures or insufficient authentication...

Nextcloud Data Forgery Issue Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud is vulnerable to a data forgery issue. The vulnerability arises from a network system or product that does not adequately validate the origin or...

Nextcloud iOS Cross-Site Scripting Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A cross-site scripting vulnerability exists in Nextcloud iOS. The vulnerability stems from a lack of proper validation of client-side data by the web...

Nextcloud Server Authorization Issues Vulnerability (CNVD-2020-12763)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An authorization issue vulnerability exists in Nextcloud Server. The vulnerability stems from a lack of authentication measures or insufficient authentication...

Nextcloud Server Cross-Site Scripting Vulnerability (CNVD-2020-10426)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A cross-site scripting vulnerability exists in Nextcloud Server. The vulnerability stems from a lack of proper validation of client-side data by the WEB...

Nextcloud Server Injection Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An injection vulnerability exists in Nextcloud Server. The vulnerability arises from a lack of proper validation of user input data by a network system or...

Nextcloud Talk Authorization Issues Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud Talk is vulnerable to an authorization issue. The vulnerability stems from errors such as configuration during operation of a networked system or...

Nextcloud Server, Talk and Deck Cross-Site Scripting Vulnerabilities

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A cross-site scripting vulnerability exists in Nextcloud Server, Talk and Deck. The vulnerability stems from a lack of proper validation of client-side data b...

Nextcloud Information Disclosure Vulnerability (CNVD-2020-12755)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An information disclosure vulnerability exists in Nextcloud. The vulnerability stems from an error in configuration or other errors in the operation of a...

Nextcloud Input Validation Error Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud is vulnerable to an input validation error. The vulnerability originates from a network system or product that does not properly validate incoming...

Nextcloud Server Access Control Error Vulnerability (CNVD-2020-12757)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An Access Control Error vulnerability exists in Nextcloud Server. The vulnerability arises from a network system or product not properly restricting access to...

Nextcloud Android Access Control Error Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An access control error vulnerability exists in Nextcloud Android. The vulnerability arises from a network system or product not properly restricting access t...