
261 matches found

RedhatCVE
added 2025/02/06 3:55 a.m. · 7 views

CVE-2021-39225

Nextcloud is an open-source, self-hosted productivity platform. A missing permission check in Nextcloud Deck before 1.2.9, 1.4.5 and 1.5.3 allows other authenticated users to access Deck cards of another user. It is recommended that the Nextcloud Deck App is upgraded to 1.2.9, 1.4.5 or 1.5.3...

CVSS 8.1 · AI score 6.5 · EPSS 0.01293
Exploits 0 · References 1
OSV
added 2024/06/25 12:43 p.m. · 4 views

MAL-2024-2376 Malicious code in flight-deck-frontend-client (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7.1
Exploits 0
OSSF Malicious Packages
added 2024/06/25 12:43 p.m. · 3 views

Malicious code in flight-deck-frontend-client (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score 7
Exploits 0
NVD
added 2024/06/14 4:15 p.m. · 19 views

CVE-2024-37883

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A user with access to a deck board was able to access comments and attachments of already deleted cards. It is recommended that the Nextcloud Deck app is...

CVSS 4.3 · EPSS 0.00381
Exploits 0 · References 3
Cvelist
added 2024/06/14 3:33 p.m. · 25 views

CVE-2024-37883 Nextcloud Deck can access comments and attachments of deleted cards

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A user with access to a deck board was able to access comments and attachments of already deleted cards. It is recommended that the Nextcloud Deck app is...

CVSS 4.3 · EPSS 0.00381
Exploits 0 · References 3
Vulnrichment
added 2024/06/14 3:33 p.m. · 21 views

CVE-2024-37883 Nextcloud Deck can access comments and attachments of deleted cards

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A user with access to a deck board was able to access comments and attachments of already deleted cards. It is recommended that the Nextcloud Deck app is...

CVSS 4.3 · AI score 6.9 · EPSS 0.00381
Exploits 0 · References 3
CVE
added 2024/06/14 3:33 p.m. · 55 views

CVE-2024-37883

CVE-2024-37883 affects Nextcloud Deck (kanban tool integrated with Nextcloud). A user with access to a deck board could access comments and attachments of cards that were already deleted, indicating a disclosure issue due to Deck’s handling of deleted items. Affected versions are prior to upgrade...

CVSS 4.3 · AI score 4.5 · EPSS 0.00381
Exploits 0 · References 3 · Affected Software 1
OSV
added 2024/06/14 3:33 p.m. · 9 views

CVE-2024-37883 Nextcloud Deck can access comments and attachments of deleted cards

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A user with access to a deck board was able to access comments and attachments of already deleted cards. It is recommended that the Nextcloud Deck app is...

CVSS 4.3 · AI score 4.9 · EPSS 0.00381
Exploits 0 · References 5
Positive Technologies
added 2024/06/14 12:0 a.m. · 2 views

PT-2024-27809 · Nextcloud · Nextcloud Deck

Name of the Vulnerable Software and Affected Versions: Nextcloud Deck versions prior to 1.6.6 Nextcloud Deck versions prior to 1.7.5 Nextcloud Deck versions prior to 1.8.7 Nextcloud Deck versions prior to 1.9.6 Nextcloud Deck versions prior to 1.11.3 Nextcloud Deck versions prior to 1.12.1...

CVSS 4.3 · AI score 7.2 · EPSS 0.00381
Exploits 0 · References 8
CNNVD
added 2024/06/14 12:0 a.m. · 1 views

Nextcloud Security Breach

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Deck versions prior to 1.6.6, prior to 1.7.5, prior to 1.8.7, prior to 1.9.6, prior to 1.11.3, and prior to...

CVSS 4.3 · AI score 6.6 · EPSS 0.00381
Exploits 0 · References 4
RedhatCVE
added 2024/06/12 12:27 a.m. · 35 views

CVE-2023-52738

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini. Currently amdgpu calls drm_sched_fini from the fence driver sw fini routine - such function is expected to be called only after the respective init function -...

CVSS 4.4 · AI score 6.8 · EPSS 0.00796
Exploits 0 · References 4
SUSE CVE
added 2024/05/23 2:57 a.m. · 1 views

SUSE CVE-2023-52738

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini. Currently amdgpu calls drm_sched_fini from the fence driver sw fini routine - such function is expected to be called only after the respective init function -...

CVSS 4.4 · AI score 6.4 · EPSS 0.00796
Exploits 0 · References 8
vulnersOsv
added 2024/05/07 4:48 p.m. · 5 views

719component (>=1.1.1 <=1.1.6), @21st-night/analytics-web (>=0.65.0 <=0.79.0) +903 more potentially affected by CVE-2024-34342 via react-pdf (>=0.0.10 <=7.7.1)

react-pdf NPM version =0.0.10, =1.1.1, =0.65.0, =0.67.0, =0.53.0, =0.53.0, =0.53.0, =0.53.0, =0.34.0, =0.49.0, =0.53.0, =0.34.0, =0.53.0, =0.34.0, =0.53.0, =0.34.0, =0.48.8 and more Source cves: CVE-2024-34342 Source advisory: OSV:GHSA-87HQ-Q4GP-9WR4...

CVSS 7.1 · AI score 7 · EPSS 0.01064
Exploits 1
Hacker One
added 2024/02/23 6:20 p.m. · 4 views

Nextcloud: Easy way to create a new Deck board without permission

A vulnerability was discovered that allowed users to create new boards without permission. The vulnerability involved cloning an existing board and renaming it, bypassing the restrictions set by the admin to limit board creation to specific groups...

AI score 6.9
Exploits 0
Hacker One
added 2024/01/19 11:44 a.m. · 5 views

Nextcloud: Deck app allows to spoof file extensions by using RTLO characters

The Deck app was found to allow spoofing of file extensions by using RTLO characters...

CVSS 5.5 · AI score 6.5 · EPSS 0.00125
Exploits 0
Prion
added 2024/01/18 8:15 p.m. · 12 views

Design/Logic Flaw

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious code that would execute in their browser via HTML sent as a comment. It is recommended that the...

CVSS 4.9 · AI score 7.2 · EPSS 0.00505
Exploits 1 · References 3 · Affected Software 1
Vulnrichment
added 2024/01/18 7:11 p.m. · 11 views

CVE-2024-22213 Cross-site Scripting when sending HTML as a comment in the Nextcloud Deck app

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious code that would execute in their browser via HTML sent as a comment. It is recommended that the...

AI score 6.9 · EPSS 0.00505
Exploits 1 · References 3
Cvelist
added 2024/01/18 7:11 p.m. · 18 views

CVE-2024-22213 Cross-site Scripting when sending HTML as a comment in the Nextcloud Deck app

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious code that would execute in their browser via HTML sent as a comment. It is recommended that the...

AI score 5.8 · EPSS 0.00505
Exploits 1 · References 3
CVE
added 2024/01/18 7:11 p.m. · 67 views

CVE-2024-22213

CVE-2024-22213 affects Nextcloud Deck (kanban-style app) and enables cross-site scripting via HTML submitted as a comment. The root cause is untrusted HTML execution in the Deck comment flow, allowing malicious code to run in a user’s browser. Affected versions include Deck 1.9.x and 1.10.x lines...

CVSS 5.4 · AI score 5.5 · EPSS 0.00505
Exploits 1 · References 3 · Affected Software 1
Nextcloud
added 2024/01/18 8:37 a.m. · 27 views

Self XSS when sending HTML as a comment in the Deck app

None...

CVSS 5.4 · AI score 5.5 · EPSS 0.00505
Exploits 1 · References 2 · Affected Software 1