Approved changes feed: RSS · Atom
cpe:2.3:a:nextcloud:notes:*:*:*:*:*:nextcloud:*:*
part: a version: * update: *
| Vendor | Nextcloud (e5ae4298-6932-564f-a40d-08cebea039a5) |
|---|---|
| Product | Notes (258418dd-adc3-5502-8e3a-c994faa442fa) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | nextcloud |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-37317 |
vulnerable | 2026-06-03 14:56:06.304196 |
Nextcloud Notes app can be tricked into using a received share created before the user logged in
MEDIUM (4.6)
The Nextcloud Notes app is a distraction free notes taking app for Nextcloud. If an attacker managed to share a folder called `Notes/` with a newly created user before they logged in, the Notes app would use that folder store the personal notes. It is recommended that the Nextcloud Notes app is upgraded to 4.9.3.
Published: 2024-06-14T15:25:24.475Z
Updated: 2024-08-02T03:50:55.961Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39955 |
vulnerable | 2026-06-03 14:52:39.575252 |
Notes attachment render HTML in preview mode
LOW (3.5)
Notes is a note-taking app for Nextcloud, an open-source cloud platform. Starting in version 4.4.0 and prior to version 4.8.0, when creating a note file with HTML, the content is rendered in the preview instead of the file being offered to download. Nextcloud Notes app version 4.8.0 contains a patch for the issue. No known workarounds are available.
Published: 2023-08-10T14:53:42.626Z
Updated: 2024-10-04T18:23:55.573Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.