9 matches found
GHSA-QQ2P-4282-CFC5 eduMFA: Incorrect InnoDB snapshot isolation possibly allows token reusage
Impact For deployments using MySQL or MariaDB = 11.6.2 the default is ON, which is not affected - Same rules applies for Galera with underlying MariaDB Patches Fixed in version 2.9.1 by locking rows prior to write with SELECT FOR UPDATE. Workarounds Set innodbsnapshotisolation to ON default in...
EUVD-2021-19508
Malware in sbrugna...
SUSE CVE-2021-32726
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, webauthn tokens were not deleted after a user has been deleted. If a victim reused an earlier used username, the previous user could gain access to their account. The issue was fix...
Security update for nextcloud (important)
openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2021:1068-1 Rating: important References: 1181445 1181803 1181804 1188247 1188248 1188249 1188250 1188251 1188252 1188253 1188254 1188255 1188256 Cross-References: CVE-2020-8293 CVE-2020-8294 CVE-2020-8295...
CVE-2021-32726
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, webauthn tokens were not deleted after a user has been deleted. If a victim reused an earlier used username, the previous user could gain access to their account. The issue was fix...
Code injection
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, webauthn tokens were not deleted after a user has been deleted. If a victim reused an earlier used username, the previous user could gain access to their account. The issue was fix...
CVE-2021-32726
Summary (CVE-2021-32726) Nextcloud Server versions prior to 19.0.13, 20.0.11, and 21.0.3 did not delete webauthn tokens after a user was deleted, allowing a previously used username to gain access to that account. The issue has been fixed in 19.0.13, 20.0.11, and 21.0.3. There are no known workar...
Webauthn tokens not removed after user has been deleted
None...
PT-2021-19887 · Nextcloud +2 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 19.0.13 Nextcloud Server versions prior to 20.0.11 Nextcloud Server versions prior to 21.0.3 Description: The issue concerns the handling of webauthn tokens in Nextcloud Server. In affected versions, webauth...