Lucene search
K

8 matches found

NVD
NVD
added 2024/11/15 5:15 p.m.23 views

CVE-2024-52518

Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storages without having to confirm the password. It is recommended that the Nextcloud Server is upgraded...

5.4CVSS0.00529EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/11/15 4:49 p.m.37 views

CVE-2024-52517 Nextcloud Server's global credentials of external storages are sent back to the frontend

Nextcloud Server is a self hosted personal cloud system. After storing "Global credentials" on the server, the API returns them and adds them into the frontend again, allowing to read them in plain text when an attacker already has access to an active session of a user. It is recommended that the...

4.6CVSS0.00589EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/11/15 4:49 p.m.19 views

CVE-2024-52517 Nextcloud Server's global credentials of external storages are sent back to the frontend

Nextcloud Server is a self hosted personal cloud system. After storing "Global credentials" on the server, the API returns them and adds them into the frontend again, allowing to read them in plain text when an attacker already has access to an active session of a user. It is recommended that the...

4.6CVSS7AI score0.00589EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/11/15 4:35 p.m.20 views

CVE-2024-52523 Nextcloud Server Custom defined credentials of external storages are sent back to the frontend

Nextcloud Server is a self hosted personal cloud system. After setting up a user or administrator defined external storage with fixed credentials, the API returns them and adds them into the frontend again, allowing to read them in plain text when an attacker already has access to an active sessi...

4.6CVSS7AI score0.0063EPSS
Exploits0References3
Nextcloud
Nextcloud
added 2024/11/15 1:10 p.m.28 views

Missing password confirmation when changing external storage options

None...

5.4CVSS5.1AI score0.00529EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/17 12:0 a.m.2 views

PT-2024-9164 · Nextcloud +2 · Nextcloud Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.12 Nextcloud Server versions prior to 29.0.9 Nextcloud Server versions prior to 30.0.2 Description: The issue is related to insufficient authentication procedure in Nextcloud Server, allowing an attacke...

9.8CVSS5.6AI score0.01041EPSS
Exploits6References97
OwnCloud
OwnCloud
added 2014/05/24 6:27 p.m.34 views

Improper authorization checks in files_external - ownCloud

Due to not verifying whether an user has been granted access to add external storages an authenticated user could even mount external storage e.g. SMB/FTP/etc. without permission. Affected Software ownCloud Server 6.0.3 CVE-2014-3835 ownCloud Server 5.0.16 CVE-2014-3835 Action Taken We reviewed t...

5.5CVSS6.1AI score0.01043EPSS
Exploits0Affected Software1
OwnCloud
OwnCloud
added 2014/05/24 11:54 a.m.50 views

Server: Improper authorization checks in files_external

Due to not verifying whether an user has been granted access to add external storages an authenticated user could even mount external storage e.g. SMB/FTP/etc. without permission. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...

5.5CVSS6.1AI score0.01043EPSS
Exploits0Affected Software1
Rows per page
Query Builder