Debian: Security Advisory (DLA-4303-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DLA-4303-1 nextcloud-desktop - security update

Bulletin has no description...

Debian dla-4303 : caja-nextcloud - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4303 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4303-1 [email protected]...

Nextcloud: Approval app allows users to request approval for other users file

A security vulnerability was discovered in the Approval app that allowed users to request approval for other users' files. The vulnerability was addressed in a security advisory...

Nextcloud: Nextcloud Tables v1 Share Enumeration Without Authorization (Regression of CVE-2024-52507)

A vulnerability was discovered in Nextcloud Tables v1 that allowed unauthorized users to enumerate shares. The vulnerability was a regression of a previously addressed issue, CVE-2024-52507...

PT-2025-49115

Name of the Vulnerable Software and Affected Versions Nextcloud versions prior to 22.2.10.33 Nextcloud versions prior to 23.0.12.29 Nextcloud versions prior to 24.0.12.28 Nextcloud versions prior to 25.0.13.23 Nextcloud versions prior to 26.0.13.20 Nextcloud versions prior to 27.1.11.20 Nextcloud...

Linux Distros Unpatched Vulnerability : CVE-2021-22879

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote...

Linux Distros Unpatched Vulnerability : CVE-2024-46958

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files between the server and client may become world writable or world readable. This i...

Linux Distros Unpatched Vulnerability : CVE-2020-8225

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials...

Linux Distros Unpatched Vulnerability : CVE-2020-8189

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html including local links when responding with invalid data on the login...

Linux Distros Unpatched Vulnerability : CVE-2025-47792

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user...

Linux Distros Unpatched Vulnerability : CVE-2020-8227

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicat...

Linux Distros Unpatched Vulnerability : CVE-2021-22895

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the Register with ...

Nextcloud: Files drop share links for end-to-end encrypted folders allowed to drop files into other folders of the share owner

Files drop share links for end-to-end encrypted folders allowed to drop files into other folders of the share owner...

Linux Distros Unpatched Vulnerability : CVE-2021-32728

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end encryption feature...

Fedora 43 : nextcloud (2025-ffaf646c29)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-ffaf646c29 advisory. Automatic update for nextcloud-31.0.5-1.fc43. Changelog Mon May 26 2025 Andrew Bauer - 31.0.5-1 - 31.0.5 release RHBZ2364462 RHBZ2366729 RHBZ2366735...

Nextcloud: Stored XSS in contacts app via organisation and title field

A stored XSS vulnerability was discovered in the contacts app of the software. The vulnerability could be triggered by inputting malicious code in the organization or title field...

Nextcloud: Calendar app allowed booking appointments without the generated token

The calendar app was found to allow booking appointments without the necessary generated token, which could have led to unauthorized access...

Nextcloud: Path Traversal Vulnerability in Nextcloud Tables Enables Arbitrary File Exfiltration of Any Files Supported by PhpSpreadsheet Library

A path traversal vulnerability was discovered in Nextcloud Tables. This vulnerability allowed the exfiltration of any files supported by the PhpSpreadsheet library...

Nextcloud: Deck app allowed user with "Can share" permission to modify permissions of other non-owners

The Deck app in Nextcloud allowed users with "Can share" permission to modify the permissions of other non-owners...