Lmx

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 9.0.54 and 10.0.1 ownCloud Server versions prior to 9.0.6 and 9.1.2 **Description** The issue concerns content spoofing in the files app, where the location bar fails to verify passed parameters. An attacker can create a malicious link to a fake directory structure, allowing them to display a controlled error message to the user. **Recommendations** For Nextcloud Server versions prior to 9.0.54, update to version 9.0.54 or later. For Nextcloud Server version 10.0.0, update to version 10.0.1 or later. For ownCloud Server versions prior to 9.0.6, update to version 9.0.6 or later. For ownCloud Server versions 9.0.6 through 9.1.1, update to version 9.1.2 or later.

**Name of the Vulnerable Software and Affected Versions** LibTIFF version 4.0.6 **Description** The issue is caused by a buffer overflow in the tif getimage.c file of the LibTIFF library. It can be exploited by a remote attacker to cause a denial of service, specifically an out-of-bounds read, by using the SamplesPerPixel tag in a TIFF image. **Recommendations** For LibTIFF version 4.0.6, consider restricting the use of the tif getimage.c function until a patch is available, or avoid using the SamplesPerPixel tag in TIFF images to minimize the risk of exploitation.