CVE-2024-52520 : NEXTCLOUD SERVER UP TO 28.0.9/29.0.6 PRE-FLIGHTED HEAD REQUEST RESOURCE CONSUMPTION

Description

Nextcloud Server is a self hosted personal cloud system. Due to a pre-flighted HEAD request, the link reference provider could be tricked into downloading bigger websites than intended, to find open-graph data. It is recommended that the Nextcloud Server is upgraded to 28.0.10 or 29.0.7 and Nextcloud Enterprise Server is upgraded to 27.1.11.8, 28.0.10 or 29.0.7.

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pxqf-cfxw-mqmj

https://github.com/nextcloud/server/pull/47627

https://github.com/nextcloud/server/commit/873c42b0f1383d5b6f2b7a481e1d9620ed30f44a

For More Information

CVERecord

Contact us to get started

CVE-2024-49592 : MCAFEE TRIAL INSTALLER 16.0.53 ACCESS CONTROL

Description McAfee Trial Installer 16.0.53 has Incorrect Access Control that leads to Local Escalation of Privileges. References https://www.mcafee.com/support/s/article/000002516?language=en_US For More

Learn more

CVE-2024-10934 : OPENBSD UP TO 7.4 ERRATA 020/7.5 ERRATA 007 NFS CLIENT/NFS SERVER DOUBLE FREE

Description In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, avoid possible mbuf double free in NFS

Learn more

CVE-2024-40638 : GLPI UP TO 10.0.16 SQL INJECTION

Description GLPI is a free asset and IT management software package. An authenticated user can exploit multiple SQL injection vulnerabilities.

Learn more