CVE-2024-37884

MEDIUM Year: 2024
CVSS v3 Score
5.4
Medium
Weakness Type
CWE-284
View all →

Vulnerability Description

Nextcloud Server is a self hosted personal cloud system. A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 and that the Nextcloud Enterprise Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3.

Related Vulnerabilities

CVE-2013-6739

MEDIUM
CVSS:5.4(Medium)

IBM SPSS Modeler before 16 on UNIX allows remote authenticated users to bypass intended access restrictions via an SSO token. IBM X-Force ID: 89855.

CWE-2842013

CVE-2015-5017

MEDIUM
CVSS:5.4(Medium)

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 ...

CWE-2842015

CVE-2016-0342

MEDIUM
CVSS:5.4(Medium)

IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote authenticated users to read or modify arbitrary reports by leveraging an incorrect grant o...

CWE-2842016

CVE-2016-10223

MEDIUM
CVSS:5.4(Medium)

An issue was discovered in BigTree CMS before 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP GET parameter passed to the "core/admin/adjax/dashb...

CWE-2842016

CVE-2016-2100

MEDIUM
CVSS:5.4(Medium)

Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permissio...

CWE-2842016

CVE-2016-5502

MEDIUM
CVSS:5.4(Medium)

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3 allows remote authenticated users to affect...

CWE-2842016