4969 matches found
Fedora 43 : nextcloud (2025-84af4b9872)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-84af4b9872 advisory. 32.0.2 release RHBZ2416087 RHBZ2415750 RHBZ2415751 RHBZ2415752 RHBZ2415753 Tenable has extracted the preceding description block directly from the...
Fedora 44 : nextcloud (2025-7534523367)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-7534523367 advisory. Automatic update for nextcloud-32.0.2-1.fc44. Changelog Mon Nov 24 2025 Andrew Bauer - 32.0.2-1 - 32.0.2 release RHBZ2416087 RHBZ2415750 RHBZ2415751...
Fedora: Security Advisory (FEDORA-2025-beab5b2e5e)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2025-ebd5b65ce8)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2025-ffaf646c29)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Nextcloud: Credential Disclosure via Unvalidated directDownloadUrl (Missing DontAddCredentialsAttribute)
The Nextcloud Desktop Client was found to automatically include user credentials Authorization header with username and password in Base64 when downloading files via the "directDownloadUrl" feature. This allowed a malicious Nextcloud server to specify an attacker-controlled URL, causing the clien...
Nextcloud: Improper input validation On Exported deep-link handler crashes `FileDisplayActivity` on crafted external URL — Denial-of-Service
A vulnerability was discovered in the Nextcloud Android client application where improper input validation in the exported deep-link handler caused a null dereference in the FileDisplayActivity component. This resulted in an unhandled NullPointerException and application crash when the deep-link...
CVE-2025-58051
Nextcloud Tables allows you to create your own tables with individual columns. Prior 0.7.6, 0.8.8, and 0.9.5, when importing a table, a user was able to specify files on the server and when their format is supported by the used PhpSpreadsheet library they would be included and their content leake...
CVE-2025-58051
Nextcloud Tables allows you to create your own tables with individual columns. Prior 0.7.6, 0.8.8, and 0.9.5, when importing a table, a user was able to specify files on the server and when their format is supported by the used PhpSpreadsheet library they would be included and their content leake...
EUVD-2025-34797
Nextcloud Tables allows you to create your own tables with individual columns. Prior 0.7.6, 0.8.8, and 0.9.5, when importing a table, a user was able to specify files on the server and when their format is supported by the used PhpSpreadsheet library they would be included and their content leake...
CVE-2025-58051 Nextcloud Tables app allowed to include local file via PhpSpreadsheet when importing a table
Nextcloud Tables allows you to create your own tables with individual columns. Prior 0.7.6, 0.8.8, and 0.9.5, when importing a table, a user was able to specify files on the server and when their format is supported by the used PhpSpreadsheet library they would be included and their content leake...
CVE-2025-58051 Nextcloud Tables app allowed to include local file via PhpSpreadsheet when importing a table
Nextcloud Tables allows you to create your own tables with individual columns. Prior 0.7.6, 0.8.8, and 0.9.5, when importing a table, a user was able to specify files on the server and when their format is supported by the used PhpSpreadsheet library they would be included and their content leake...
CVE-2025-58051
CVE-2025-58051 affects Nextcloud Tables. Prior to versions 0.7.6, 0.8.8, and 0.9.5, the app allowed a user importing a table to specify server files; if the file format is supported by PhpSpreadsheet, the file content could be leaked to the user via path traversal. This is a server-side disclosur...
CVE-2025-58051 Nextcloud Tables app allowed to include local file via PhpSpreadsheet when importing a table
Nextcloud Tables allows you to create your own tables with individual columns. Prior 0.7.6, 0.8.8, and 0.9.5, when importing a table, a user was able to specify files on the server and when their format is supported by the used PhpSpreadsheet library they would be included and their content leake...
Nextcloud Tables 安全漏洞
Nextcloud Tables is an open source tables application from Nextcloud. A security vulnerability exists in Nextcloud Tables versions prior to 0.7.6, prior to 0.8.8, and prior to 0.9.5, which stems from a server file that can be specified when importing a table, potentially leading to a disclosure o...
Nextcloud: Predictable proposal participant tokens enable unauthorized access and vote submission
A vulnerability was discovered in predictable proposal participant tokens, which enabled unauthorized access and vote submission...
Nextcloud: BOLA/IDOR in Out-of-Office API allows any authenticated user to read other users' absence data
Summary The Out-of-Office OOO API endpoints at /ocs/v2.php/apps/dav/api/v1/outOfOffice/userId and /ocs/v2.php/apps/dav/api/v1/outOfOffice/userId/now suffer from a Broken Object Level Authorization BOLA vulnerability. Any authenticated user can retrieve the out-of-office data of any other user by...
EUVD-2021-19493
Malware in sbrugna...
EUVD-2016-8272
Malware in sbrugna...
EUVD-2021-10044
Malware in sbrugna...