CVE-2024-37886

MEDIUM Year: 2024
CVSS v3 Score
5.4
Medium
Weakness Type
CWE-347
View all →

Vulnerability Description

user_oidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick the app into accepting a request that is not signed by the correct server. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.5, 2.0.0, 3.0.0, 4.0.0 or 5.0.0.

Related Vulnerabilities

CVE-2023-33185

MEDIUM
CVSS:5.4(Medium)

Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intende...

CWE-3472023

CVE-2024-11696

MEDIUM
CVSS:5.4(Medium)

The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest,...

CWE-3472024

CVE-2018-10407

MEDIUM
CVSS:5.5(Medium)

An issue was discovered in Carbon Black Cb Response. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary...

CWE-3472018

CVE-2020-1464

MEDIUM
CVSS:5.5(Medium)

A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed ...

CWE-3472020

CVE-2020-16922

MEDIUM
CVSS:5.5(Medium)

<p>A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly sign...

CWE-3472020

CVE-2020-8324

MEDIUM
CVSS:5.5(Medium)

A vulnerability was reported in LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation prior to version 1.2.184.31 that could allow unsigned DLL files to be executed.

CWE-3472020