18 matches found
EUVD-2019-6567
Malware in sbrugna...
EUVD-2022-41807
Malicious code in bioql PyPI...
CVE-2019-15610
Improper authorization in the Circles app 0.17.7 causes retaining access when an email address was removed from a circle...
Code injection
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server prior to versions 22.2.10, 23.0.10, and 24.0.6 are vulnerable to a logged-in attacker slowing down the system by...
Database resource exhaustion for logged-in users via sharee recommendations with circles
None...
CVE-2022-39330 Database resource exhaustion for logged-in users via sharee recommendations with circles
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server prior to versions 22.2.10, 23.0.10, and 24.0.6 are vulnerable to a logged-in attacker slowing down the system by...
CVE-2022-39330 Database resource exhaustion for logged-in users via sharee recommendations with circles
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server prior to versions 22.2.10, 23.0.10, and 24.0.6 are vulnerable to a logged-in attacker slowing down the system by...
PT-2022-24903 · Nextcloud +1 · Nextcloud Enterprise Server +3
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 23.0.10 and 24.0.6 Nextcloud Enterprise Server versions prior to 22.2.10, 23.0.10, and 24.0.6 Description: The issue allows a logged-in attacker to slow down the system by generating a lot of database/cpu...
CVE-2022-39330
CVE-2022-39330 affects Nextcloud Server prior to 23.0.10 and 24.0.6, and Nextcloud Enterprise Server prior to 22.2.10, 23.0.10, 24.0.6. Description: a logged-in attacker can cause resource exhaustion (database/cpu load) by abusing sharee recommendations with the Circles feature; patches exist in ...
Nextcloud Server < 22.2.6, 23.x < 23.0.3 Password Requirements Bypass Vulnerability (GHSA-pwjv-h37v-c4fx)
Nextcloud Server is prone to a password requirements bypass vulnerability when sharing a folder via the Circles app. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
CVE-2022-29163 Bypass of password requirements when sharing a folder via the Circles app in Nextcloud Server
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.6 and 23.0.3, a user can create a link that is not password protected even if the administrator requires links to be password protected. Versions 22.2.6 and 23.0.3 contain a pat...
Bypass of password requirements when sharing a folder via the Circles app
None...
CVE-2019-15610
Improper authorization in the Circles app 0.17.7 causes retaining access when an email address was removed from a circle...
CVE-2019-15610
Improper authorization in the Circles app 0.17.7 causes retaining access when an email address was removed from a circle...
Authorization
Improper authorization in the Circles app 0.17.7 causes retaining access when an email address was removed from a circle...
CVE-2019-15610
Improper authorization in the Circles app 0.17.7 causes retaining access when an email address was removed from a circle...
CVE-2019-15610
CVE-2019-15610 affects Nextcloud Circles (app version 0.17.7). The vulnerability is described as improper authorization that allows a circle member’s access to shared items to persist after their email address has been removed from the circle. Exploitation details are not provided in the Initial ...
Removing emails from circles does not revoke access to shared items (NC-SA-2019-013)
Improper authorization in the Circles app 0.17.7 causes retaining access when an email address was removed from a circle...