4.1
CVE-2024-52514 - Nextcloud Server allows users to copy folder that contain files that are blocked by the files accesβ¦
Nextcloud Server is a self hosted personal cloud system. After a user received a share with some files inside being blocked by the files access control, the user would still be able to copy the intermediate folder inside Nextcloud allowing them to afterwards potentially access the blocked files depβ¦
5.4
CVE-2021-1466 - Cisco SD-WAN vDaemon Buffer Overflow Vulnerability
A vulnerability in the vDaemon service of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to cause a buffer overflow on an affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to incomplete bounds checks for data that is pβ¦
5.7
CVE-2024-52515 - Nextcloud Server has incomplete sanitization of SVG files allows to embed other images into previews
Nextcloud Server is a self hosted personal cloud system. After an admin enables the default-disabled SVG preview provider, a malicious user could upload a manipulated SVG file referencing paths. If the file would exist the preview of the SVG would preview the other file instead. It is recommended tβ¦
0.0
CVE-2024-11264 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
8.7
CVE-2024-11248 - Tenda AC10 SetSysAutoRebbotCfg formSetRebootTimer stack-based overflow
A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be launched remotely. Tβ¦
3
CVE-2024-52516 - Nextcloud Server's shares are not removed when user is limited to share with in their groups and beβ¦
Nextcloud Server is a self hosted personal cloud system. When a server is configured to only allow sharing with users that are in ones own groups, after a user was removed from a group, previously shared items were not unshared. It is recommended that the Nextcloud Server is upgraded to 22.2.11 or β¦
4.6
CVE-2024-52517 - Nextcloud Server's global credentials of external storages are sent back to the frontend
Nextcloud Server is a self hosted personal cloud system. After storing "Global credentials" on the server, the API returns them and adds them into the frontend again, allowing to read them in plain text when an attacker already has access to an active session of a user. It is recommended that the Nβ¦
4.4
CVE-2024-52518 - Nextcloud Server is missing password confirmation when changing external storage options
Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storages without having to confirm the password. It is recommended that the Nextcloud Server is upgraded tβ¦
2.7
CVE-2024-52519 - Nextcloud Server's OAuth2 client secrets were stored in a recoverable way
Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker that got access to a backup of the database and the Nextcloud config file, would be able to decrypt them. It is recommended that the Nextcloud Server is upgraded β¦
5.7
CVE-2024-52520 - Nextcloud Server's link reference provider can be tricked into downloading bigger files than intendβ¦
Nextcloud Server is a self hosted personal cloud system. Due to a pre-flighted HEAD request, the link reference provider could be tricked into downloading bigger websites than intended, to find open-graph data. It is recommended that the Nextcloud Server is upgraded to 28.0.10 or 29.0.7 and Nextcloβ¦