Filtered by vendor Nextcloud
Subscribe
Total
307 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-37887 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 3.5 LOW |
| Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1. | |||||
| CVE-2024-37885 | 2 Apple, Nextcloud | 2 Macos, Desktop | 2024-11-21 | N/A | 3.8 LOW |
| The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the enviroment. It is recommended that the Nextcloud Desktop client is upgraded to 3.12.0. | |||||
| CVE-2024-37884 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 3.5 LOW |
| Nextcloud Server is a self hosted personal cloud system. A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 and that the Nextcloud Enterprise Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3. | |||||
| CVE-2024-37883 | 1 Nextcloud | 1 Deck | 2024-11-21 | N/A | 4.3 MEDIUM |
| Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A user with access to a deck board was able to access comments and attachments of already deleted cards. It is recommended that the Nextcloud Deck app is upgraded to 1.6.6 or 1.7.5 or 1.8.7 or 1.9.6 or 1.11.3 or 1.12.1. | |||||
| CVE-2024-37882 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 8.1 HIGH |
| Nextcloud Server is a self hosted personal cloud system. A recipient of a share with read&share permissions could reshare the item with more permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4 and that the Nextcloud Enterprise Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4. | |||||
| CVE-2024-37317 | 1 Nextcloud | 1 Notes | 2024-11-21 | N/A | 4.6 MEDIUM |
| The Nextcloud Notes app is a distraction free notes taking app for Nextcloud. If an attacker managed to share a folder called `Notes/` with a newly created user before they logged in, the Notes app would use that folder store the personal notes. It is recommended that the Nextcloud Notes app is upgraded to 4.9.3. | |||||
| CVE-2024-37316 | 1 Nextcloud | 1 Calendar | 2024-11-21 | N/A | 4.6 MEDIUM |
| Nextcloud Calendar is a calendar app for Nextcloud. Authenticated users could create an event with manipulated attachment data leading to a bad redirect for participants when clicked. It is recommended that the Nextcloud Calendar App is upgraded to 4.6.8 or 4.7.2. | |||||
| CVE-2024-37315 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 3.5 LOW |
| Nextcloud Server is a self hosted personal cloud system. An attacker with read-only access to a file is able to restore older versions of a document when the files_versions app is enabled. It is recommended that the Nextcloud Server is upgraded to 26.0.12, 27.1.7 or 28.0.3 and that the Nextcloud Enterprise Server is upgraded to 23.0.12.16, 24.0.12.12, 25.0.13.6, 26.0.12, 27.1.7 or 28.0.3. | |||||
| CVE-2024-37314 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 3.5 LOW |
| Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2. | |||||
| CVE-2024-22404 | 1 Nextcloud | 1 Zipper | 2024-11-21 | N/A | 4.1 MEDIUM |
| Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. In affected versions users can download "view-only" files by zipping the complete folder. It is recommended that the Files ZIP app is upgraded to 1.2.1, 1.4.1, or 1.5.0. Users unable to upgrade should disable the file zip app. | |||||
| CVE-2024-22403 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 3.0 LOW |
| Nextcloud server is a self hosted personal cloud system. In affected versions OAuth codes did not expire. When an attacker would get access to an authorization code they could authenticate at any time using the code. As of version 28.0.0 OAuth codes are invalidated after 10 minutes and will no longer be authenticated. To exploit this vulnerability an attacker would need to intercept an OAuth code from a user session. It is recommended that the Nextcloud Server is upgraded to 28.0.0. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-22402 | 1 Nextcloud | 1 Guests | 2024-11-21 | N/A | 5.4 MEDIUM |
| Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users were able to load the first page of apps they were actually not allowed to access. Depending on the selection of apps installed this may present a permissions bypass. It is recommended that the Guests app is upgraded to 2.4.1, 2.5.1 or 3.0.1. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-22401 | 1 Nextcloud | 1 Guests | 2024-11-21 | N/A | 4.1 MEDIUM |
| Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users could change the allowed list of apps, allowing them to use apps that were not intended to be used. It is recommended that the Guests app is upgraded to 2.4.1, 2.5.1 or 3.0.1. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-22400 | 1 Nextcloud | 1 Sso \& Saml Authentication | 2024-11-21 | N/A | 3.1 LOW |
| Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on a uncontrolled thirdparty server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or 6.0.1. There are no known workarounds for this issue. | |||||
| CVE-2024-22213 | 1 Nextcloud | 1 Deck | 2024-11-21 | N/A | N/A |
| Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious code that would execute in their browser via HTML sent as a comment. It is recommended that the Nextcloud Deck is upgraded to version 1.9.5 or 1.11.2. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-22212 | 1 Nextcloud | 1 Global Site Selector | 2024-11-21 | N/A | 9.6 CRITICAL |
| Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. A problem in the password verification method allows an attacker to authenticate as another user. It is recommended that the Nextcloud Global Site Selector is upgraded to version 1.4.1, 2.1.2, 2.3.4 or 2.4.5. There are no known workarounds for this issue. | |||||
| CVE-2023-49792 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 5.3 MEDIUM |
| Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when a (reverse) proxy is configured as trusted proxy the server could be tricked into reading a wrong remote address for an attacker, allowing them executing authentication attempts than intended. Nextcloud Server versions 26.0.9 and 27.1.4 and Nextcloud Enterprise Server versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 contain a patch for this issue. No known workarounds are available. | |||||
| CVE-2023-49791 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 5.4 MEDIUM |
| Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when an attacker manages to get access to an active session of another user via another way, they could delete and modify workflows by sending calls directly to the API bypassing the password confirmation shown in the UI. Nextcloud Server versions 26.0.9 and 27.1.4 and Nextcloud Enterprise Server versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4 contain a patch for this issue. No known workarounds are available. | |||||
| CVE-2023-49790 | 1 Nextcloud | 1 Nextcloud | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Nextcloud iOS Files app allows users of iOS to interact with Nextcloud, a self-hosted productivity platform. Prior to version 4.9.2, the application can be used without providing the 4 digit PIN code. Nextcloud iOS Files app should be upgraded to 4.9.2 to receive the patch. No known workarounds are available. | |||||
| CVE-2023-48308 | 1 Nextcloud | 1 Calendar | 2024-11-21 | N/A | 3.5 LOW |
| Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. It is recommended that the Nextcloud Calendar app is upgraded to 4.5.3 | |||||