Thank you! While that does allay most security concerns, it does beg the question how useful such a vulnerability tracker is if it doesn't actually show any relevant vulnerabilies and you constantly have to second-guess what it says. Warning signs that aren't actually warnings because it's "just a false alarm" quickly teach personell to not take warnings seriously - unti, onel day, it's not a false alarm...
_Nemo_
joined 1 day ago
Thanks for your detailed reply!
To make that happen, the attacker must [...] already have access to the server to upload and process the file, which means that security has already failed.
Do I correctly assume that by axis you mean shell or even root level access? If not, any of my regular users (turned rogue...) could upload a poisoned raw file which nextcloud would process to, for instance, generate a thumbnail.
Corporate-driven > community-driven distros
Is it Shitpost Saturday already?
Qwant is nice, but it keeps blocking my VPN and locks me out if I happen to use a non-European exit node. And I'm not pulling down my mask for a fucking search engine.
If you're willing to put up with Duckduckgo but hate AI search, there's https://noai.duckduckgo.com/