Lucene search

13 matches found

CVE
added 2024/03/08 5:52 p.m. · 66 views

CVE-2022-43855

CVE-2022-43855 affects IBM SPSS Statistics IO Module (versions 26.0, 27.0.1, 28.0). A local user can create multiple files, leading to file-handle exhaustion and denial of service. IBM’s bulletin notes the vulnerability is associated with resource management errors (CWE-399) and confirms the expo...

CVSS 6.2 · AI score 6.1 · EPSS 0.00011
Exploits 0 · References 2 · Affected Software 1
SUSE CVE
added 2023/10/18 1:02 a.m. · 2 views

SUSE CVE-2023-45151

Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially elevate their privilege. This issue has been addressed and users are recommended to upgrade their...

CVSS 8.8 · AI score 6.8 · EPSS 0.0069
Exploits 0 · References 3
OSV
added 2023/10/16 6:41 p.m. · 19 views

CVE-2023-45151 OAuth2 client_secret stored in plain text in the Nextcloud database

Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially elevate their privilege. This issue has been addressed and users are recommended to upgrade their...

CVSS 6.5 · AI score 8.4 · EPSS 0.0069
Exploits 0 · References 5
Positive Technologies
added 2023/10/16 12:00 a.m. · 3 views

PT-2023-6441 · Nextcloud +2 · Nextcloud +2

Name of the Vulnerable Software and Affected Versions: Nextcloud versions prior to 25.0.8; Nextcloud versions prior to 26.0.3; Nextcloud versions prior to 27.0.1. Description: The issue is related to the storage of OAuth2 tokens in plaintext in Nextcloud, allowing an attacker who has gained access t...

CVSS 9.8 · AI score 5.6 · EPSS 0.00824
Exploits 6 · References 97
SUSE CVE
added 2023/08/12 2:10 a.m. · 1 views

SUSE CVE-2023-39959

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.9, 26.0.4, and 27.0.1, unauthenticated users could send a DAV request which reveals whether a calendar or an address book with the given identifier exists for...

CVSS 5.3 · AI score 7.1 · EPSS 0.00824
Exploits 0 · References 3
NVD
added 2023/08/10 6:15 p.m. · 14 views

CVE-2023-39961

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 24.0.4 and prior to versions 25.0.9, 26.0.4, and 27.0.1, when a folder with images or an image was shared without download permissions, the user could add the image inline into a text file and...

CVSS 4.3 · AI score 4.2 · EPSS 0.00315
Exploits 0 · References 3
Prion
added 2023/08/10 6:15 p.m. · 27 views

Default credentials

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 20.0.0 and prior to versions 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, a missing password confirmation allowed an attacker, after successfully steali...

CVSS 4.4 · AI score 7.6 · EPSS 0.00152
Exploits 0 · References 3 · Affected Software 1
Prion
added 2023/08/10 6:15 p.m. · 24 views

Code injection

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 19.0.0 and prior to versions 19.0.13.10, 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, a malicious user could delete any personal or global external...

CVSS 4 · AI score 7.4 · EPSS 0.00299
Exploits 0 · References 3 · Affected Software 1
CVE
added 2023/08/10 5:07 p.m. · 69 views

CVE-2023-39959

CVE-2023-39959 affects Nextcloud Server. Unauthenticated users could send a DAV request to determine whether a calendar or address book with a given identifier exists on victims’ accounts. Affected are Nextcloud Server versions prior to 25.0.9, 26.0.4, and 27.0.1 (and corresponding Enterprise Ser...

CVSS 5.3 · AI score 4.5 · EPSS 0.00824
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2023/08/10 5:04 p.m. · 13 views

CVE-2023-39958 Missing brute force protection on password reset token OAuth2 API controller

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions 22.2.10.13, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, missing protection allows an attacker to brute force the client secrets of configured OAuth2 clients...

CVSS 5.8 · AI score 6.6 · EPSS 0.00441
Exploits 0 · References 3
IBM Security Bulletins
added 2021/12/26 8:52 p.m. · 201 views

Security Bulletin: IBM SPSS Statistics is vulnerable to denial of service due to Apache Log4j (CVE-2021-45105) and arbitrary code execution due to Apache Log4j (CVE-2021-45046)

Summary: There are multiple Apache Log4j CVE-2021-45105, CVE-2021-45046 vulnerabilities impacting IBM SPSS Statistics which uses Apache Log4j for logging. The fix includes Apache Log4j 2.17. Vulnerability Details: CVEID: CVE-2021-45105. DESCRIPTION: Apache Log4j is vulnerable to a denial of service,...

CVSS 10 · AI score 1.2 · EPSS 0.94358
Exploits 346 · Affected Software 1
IBM Security Bulletins
added 2021/12/17 5:50 p.m. · 41 views

Security Bulletin: Log4Shell Vulnerability affects IBM SPSS Statistics (CVE-2021-4104)

Summary: There is a vulnerability in the version of Log4j that is part of IBM SPSS Statistics. IBM SPSS Statistics has addressed this vulnerability. Vulnerability Details: CVEID: CVE-2021-4104. DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by...

CVSS 7.5 · AI score 2.3 · EPSS 0.72202
Exploits 9 · Affected Software 1
IBM Security Bulletins
added 2021/04/23 2:06 p.m. · 409 views

Security Bulletin: A vulnerability in IBM Java Runtime affects IBM SPSS Statistics

Summary: There is a vulnerability in IBM® Runtime Environment Java™ Versions 7.0, 7.1, and 8.0 used by IBM SPSS Statistics. IBM SPSS Statistics has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2020-27221. DESCRIPTION: Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow...

CVSS 9.8 · AI score 1.6 · EPSS 0.00727
Exploits 0 · Affected Software 1