
Bugdiscloseguys

Researcher from HTTPVoid
#19788 of 53,633
13.2 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2021-18004
7.5
2021-04-05
Ruby · Ruby · CVE-2021-28966
**Name of the Vulnerable Software and Affected Versions** Ruby versions prior to 3.0 on Windows **Description** A remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir, potentially allowing them to exit the directory and impact the system. There is an unintentional directory creation vulnerability in the `tmpdir` library bundled with Ruby on Windows, and an unintentional file creation vulnerability in the `tempfile` library, as it uses `tmpdir` internally. **Recommendations** For Ruby versions prior to 3.0 on Windows, consider restricting access to the `tmpdir` library and `tempfile` library until a patch is available. As a temporary workaround, avoid using the `tmpdir` library and `tempfile` library in Web applications that handle parameters with TmpDir.
PT-2018-13589
5.7
2018-10-30
Nextcloud · Nextcloud Server · CVE-2018-16464
**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 14.0.0 **Description** A missing access check in the software could lead to continued access to password-protected link shares when the owner had changed the password. **Recommendations** For versions prior to 14.0.0, update to version 14.0.0 or later to resolve the issue.