6.3
CVE-2024-52511 - Nextcloud Tables has an Authorization Bypass Through User-Controlled Key in Tables
Nextcloud Tables allows users to to create tables with individual columns. By directly specifying the ID of a table or view, a malicious user could blindly insert new rows into tables they have no access to. It is recommended that the Nextcloud Tables is upgraded to 0.8.0.
3.3
CVE-2024-52512 - Nextcloud User OIDC has an open redirection when logging in with User OIDC
user_oidc app is an OpenID Connect user backend for Nextcloud. A malicious user could send a malformed login link that would redirect the user to a provided URL after successfully authenticating. It is recommended that the Nextcloud User OIDC app is upgraded to 6.1.0.
5.4
CVE-2024-52522 - Rclone Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata
Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with --links and --metadata in rclone while copying to local disk allows unprivileged users to indirectly modify ownership and permissions on symlink target fiβ¦
2.6
CVE-2024-52513 - Nextcloud Server's Attachments folder for Text app is accessible on "Files drop" and "Password protβ¦
Nextcloud Server is a self hosted personal cloud system. After receiving a "Files drop" or "Password protected" share link a malicious user was able to download attachments that are referenced in Text files without providing the password. It is recommended that the Nextcloud Server is upgraded to 2β¦
4.1
CVE-2024-52514 - Nextcloud Server allows users to copy folder that contain files that are blocked by the files accesβ¦
Nextcloud Server is a self hosted personal cloud system. After a user received a share with some files inside being blocked by the files access control, the user would still be able to copy the intermediate folder inside Nextcloud allowing them to afterwards potentially access the blocked files depβ¦
5.4
CVE-2021-1466 - Cisco SD-WAN vDaemon Buffer Overflow Vulnerability
A vulnerability in the vDaemon service of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to cause a buffer overflow on an affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete bounds checks for data that is pβ¦
5.7
CVE-2024-52515 - Nextcloud Server has incomplete sanitization of SVG files allows to embed other images into previews
Nextcloud Server is a self hosted personal cloud system. After an admin enables the default-disabled SVG preview provider, a malicious user could upload a manipulated SVG file referencing paths. If the file would exist the preview of the SVG would preview the other file instead. It is recommended tβ¦
0.0
CVE-2024-11264 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
8.7
CVE-2024-11248 - Tenda AC10 SetSysAutoRebbotCfg formSetRebootTimer stack-based overflow
A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be launched remotely. Tβ¦
3
CVE-2024-52516 - Nextcloud Server's shares are not removed when user is limited to share with in their groups and beβ¦
Nextcloud Server is a self hosted personal cloud system. When a server is configured to only allow sharing with users that are in ones own groups, after a user was removed from a group, previously shared items were not unshared. It is recommended that the Nextcloud Server is upgraded to 22.2.11 or β¦