In Nextcloud Server versions 25.0.0 to 25.0.6 and 26.0.0 to 26.0.1 a low severity vulnerability CVE-2024-37314 was detected in the Nextcloud Photos app. This vulnerability allows users to remove photos from the albums of registered users. To address this issue, it is recommended to upgrade to Nextcloud Server version 25.0.7 or 26.0.2 and Nextcloud Enterprise Server version 25.0.7 or 26.0.2. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37314.
Read more StorageIn Nextcloud Server versions 27.1.9 and earlier a low severity vulnerability CVE-2024-37887 was detected. This vulnerability allows attackers to read private shared calendar events’ recurrence exceptions. To address this issue, it is recommended to upgrade to Nextcloud Server version 27.1.10, 28.0.6, or 29.0.1, and Nextcloud Enterprise Server to version 27.1.10, 28.0.6, or 29.0.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37887.
Read more StorageIn Nextcloud Server versions prior to 26.0.12, 27.1.7 and 28.0.3 a medium severity vulnerability CVE-2024-37884 was detected. This vulnerability allows malicious users to delete old versions of files they only have read permissions for. To address this issue, it is recommended to upgrade Nextcloud Server to version 26.0.12, 27.1.7, or 28.0.3, and Nextcloud Enterprise Server to the same versions. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37884.
Read more StorageIn Nextcloud Server versions prior to 26.0.12, 27.1.7 and 28.0.3 a medium severity vulnerability CVE-2024-37315 was detected. This vulnerability allows attackers with read-only access to restore older versions of a document if the files_versions app is enabled. To address this issue, it is recommended to upgrade to Nextcloud Server version to 26.0.12, 27.1.7 or 28.0.3 and the Nextcloud Enterprise Server versions to 23.0.12.16, 24.0.12.12, 25.0.13.6, 26.0.12, 27.1.7 or 28.0.3 For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37315.
Read more StorageIn Nextcloud Server a high severity vulnerability CVE-2024-37882 was detected. A recipient with read and share permissions can grant themselves additional permissions when resharing the item. To fix this issue, it is recommended to upgrade Nextcloud Server to version 26.0.13, 27.1.8, or 28.0.4, and Nextcloud Enterprise Server to the same versions. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37882.
Read more Storage