Astra Linux – Vulnerability in git-lfs

Git LFS is an extension of Git for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host’s URL to the git-credential1 command without checking for embedded line-ending control characters. It then sends any credentials it receives back...

Files or Directories Accessible to External Parties

Overview Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties through the importStdMd import process in kernel/api/import.go. An attacker can import data from sensitive or unintended local paths and potentially access or expose local files by...

SUSE CVE-2022-39331

Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue...

SUSE CVE-2022-39332

Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for...

SUSE CVE-2022-39333

Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue...

DEBIAN-CVE-2022-39333

Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue...

DEBIAN-CVE-2022-39331

Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue...

UBUNTU-CVE-2022-39331

Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue...

PT-2022-24905 · Nextcloud +2 · Nextcloud Desktop Client +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop client versions prior to 3.6.1 Description: An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. Recommendations: For versions prior to 3.6.1, upgrad...

CVE-2022-39333 Cross-site scripting (XSS) in Nextcloud Desktop Client

Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue...

PT-2022-24904 · Nextcloud +2 · Nextcloud Desktop Client +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop client versions prior to 3.6.1 Description: An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. There are no known workarounds for this issue. Recommendations:...

UBUNTU-CVE-2022-41882

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc://open/ link it will open the default editor for the file...

PT-2022-26113 · Nextcloud +1 · Nextcloud Desktop Client +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop Client version 3.6.0 Description: The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or...

Grafana Image Renderer leaking files

Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser Chromium/Chrome. An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized fil...