156 matches found
Important: Red Hat Security Advisory: rsync security update
An update for rsync is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Nextcloud Information Disclosure Vulnerability (CNVD-2022-20155)
Nextcloud is a set of open source self-hosted file synchronization and sharing communication applications platform from Nextcloud Germany.A security vulnerability exists in Nextcloud Server, which is due to an issue with the Nextcloud Text application which is provided with Nextcloud Server by...
Nextcloud server denial of service vulnerability (CNVD-2022-20690)
Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. nextcloud server has a denial of service vulnerability that stems from a networked system or product that does not properly validate data boundaries when performing...
Nextcloud file traversal vulnerability
Nextcloud is an open source set of self-hosted file synchronization and sharing communication applications platform from Germany-based Nextcloud. nextcloud has a file traversal vulnerability in versions prior to 20.0.13, 21.0.5, and 22.2.0, which stems from a lack of authentication, access contro...
Nextcloud Richdocuments Information Disclosure Vulnerability
Nextcloud is a set of open source self-hosted file synchronization and sharing communication applications platform from Germany-based Nextcloud. nextcloud Richdocuments application in versions prior to 3.8.6 and 4.2.3 is vulnerable to an information disclosure vulnerability where the vulnerable...
Nextcloud OfficeOnline Information Disclosure Vulnerability
Nextcloud is an open source, self-hosted file synchronization and sharing communications application platform from Nextcloud Germany. nextcloud OfficeOnline applications prior to version 1.1.1 are vulnerable to an information disclosure vulnerability in which the vulnerable application returns...
Nextcloud has an unspecified vulnerability (CNVD-2022-18419)
Nextcloud Text is an open source self-hosted file synchronization and sharing communication application platform from the German company Nextcloud. Nextcloud Text has a security vulnerability that could be exploited by attackers to enumerate folders in such shares...
Nextcloud Circles Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in Nextcloud Circles, an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany, which stems from the failure of the product's Content-Security-Policy to properly handle incoming input data in...
CVE-2021-37617
Summary of CVE-2021-37617 : The Nextcloud Desktop Client (Windows) contains a vendor- and user-controlled uninstall search path flaw. In versions 3.0.3 through 3.2.4, the client searches for an Uninstall.exe file in a folder writable by regular users. A malicious user could place a crafted Uninst...
Nextcloud Cross-Site Scripting Vulnerability (CNVD-2021-51801)
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A cross-site scripting vulnerability exists in Nextcloud Text in versions prior to 19.0.13, 20.0.11 and 21.0.3. No detailed vulnerability details are availabl...
Nextcloud Information Disclosure Vulnerability (CNVD-2021-51797)
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An information disclosure vulnerability exists in Nextcloud Server in versions prior to 19.0.13, 20.011, and 21.0.3, which could result in the full path of a...
Unspecified vulnerability in Nextcloud (CNVD-2021-51795)
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server versions prior to 19.0.13, 20.011, and 21.0.3, which can be exploited by an attacker to enumerate...
Nextcloud Resource Management Error Vulnerability
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A vulnerability exists in Nextcloud Resource Management Error Vulnerability. No detailed vulnerability details are provided at this time...
CVE-2021-21404
Syncthing is a continuous file synchronization program. In Syncthing before version 1.15.0, the relay server strelaysrv can be caused to crash and exit by sending a relay message with a negative length field. Similarly, Syncthing itself can crash for the same reason if given a malformed message...
Sync Breeze Enterprise Denial of Service Vulnerability
Sync Breeze Enterprise is a file synchronization utility that allows you to synchronize and manage the disk files of your networked computers, mainly used to categorize, save and manage files. A denial of service vulnerability exists in Sync Breeze Enterprise. An attacker can exploit the...
Nextcloud Server Cross-Site Scripting Vulnerability (CNVD-2021-28008)
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A cross-site scripting vulnerability exists in the Files PDF viewer in Nextcloud Server versions prior to 18.0.3. The vulnerability stems from a lack of prope...
Nextcloud Input Validation Error Vulnerability
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud is vulnerable to an input validation error. The vulnerability originates from a network system or product that does not properly validate incoming...
Neowise CarbonFTP 1.4 Insecure Proprietary Password Encryption
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NEOWISE-CARBONFTP-v1.4-INSECURE-PROPRIETARY-PASSWORD-ENCRYPTION.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.neowise.com Product CarbonFTP v1.4 CarbonFTP is a...
Nextcloud: User can delete data in shared folders he's not autorized to access
Steps to reproduce 1. create a group folder named TEST and share with "admin group" and "test group", marking the advanced permission flag 2. create two folders inside the main share: visible and invisible 3. inside "invisible" folder create a test file let's say something like "test.txt" 4. set...
[SECURITY] Fedora 27 Update: rsync-3.1.3-1.fc27
Rsync uses a reliable algorithm to bring remote and host files into sync very quickly. Rsync is fast because it just sends the differences in the files over the network instead of sending the complete files. Rsync is often used as a very powerful mirroring process or just as a more capable...