SUSE CVE-2023-35171
NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. Starting in version 26.0.0 and prior to version 26.0.2, an attacker could supply a URL that redirects an unsuspecting victim from a legitimate domain to an attacker's site...
SUSE CVE-2023-35172
NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until...
SUSE CVE-2023-32320
Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When multiple requests were sent in parallel, all of them were executed even if the number of faulty requests exceeded the limit by the time the response was sent to the client. This allowed someone to...
CVE-2023-35928
CVE-2023-35928 affects Nextcloud Server and Enterprise Server prior to the patched versions. A user could abuse a functionality to access another user’s login credentials and take over the account. Affected ranges include Nextcloud Server 25.0.0–25.0.7 and 26.0.0–26.0.2; Enterprise Server 19.0.0–...
CVE-2023-35927
The CVE-2023-35927 issue affects Nextcloud Server and Enterprise Server where two trusted servers exchange share secrets and an attacker could modify or delete VCards in the origin server’s system address book, impacting user search and avatar menus. The initial description lists affected lines f...
CVE-2023-35172 Nextcloud Server password reset endpoint is not brute force protected
NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until...
CVE-2023-35172
Technical details about CVE-2023-35172 are not publicly provided in the supplied documents. Monitor for updates from vendors and security advisories.
Nextcloud Security Vulnerability
Nextcloud is an open-source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. A security vulnerability in Nextcloud Server allows an attacker to access the login credentials of other users and take over their...
PT-2023-3557 · Nextcloud +2 · Nextcloud Enterprise Server +3
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 25.0.0 through 25.0.7; Nextcloud Server versions 26.0.0 through 26.0.2; Nextcloud Enterprise Server versions 19.0.0 through 19.0.13.9; Nextcloud Enterprise Server versions 20.0.0 through 20.0.14.14; Nextcloud Enterprise...
Nextcloud Input Validation Error Vulnerability
Nextcloud is an open-source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. An input validation error vulnerability exists in Nextcloud Server: an attacker can supply a URL that redirects a victim from a...
Nextcloud Access Control Error Vulnerability
Nextcloud is an open-source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. An access control error vulnerability exists in Nextcloud Server that allows a malicious server to modify or delete VCards in the source...
PT-2023-8431 · Nextcloud +2 · Nextcloud Enterprise Server +3
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 25.0.0 through 25.0.7; Nextcloud Server versions 26.0.0 through 26.0.2; Nextcloud Enterprise Server versions 21.0.0 through 21.0.9.12; Nextcloud Enterprise Server versions 22.0.0 through 22.2.10.12; Nextcloud Enterprise...
PT-2023-8430 · Nextcloud +2 · Nextcloud Enterprise Server +3
Name of the Vulnerable Software and Affected Versions: NextCloud Server versions 26.0.0 through 26.0.1; NextCloud Enterprise Server versions 26.0.0 through 26.0.1. Description: The issue is an open redirect vulnerability in Nextcloud Server and Nextcloud Enterprise Server. An attacker could...
CVE-2023-32320
Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When multiple requests were sent in parallel, all of them were executed even if the number of faulty requests exceeded the limit by the time the response was sent to the client. This allowed someone to...
CVE-2023-32320 Nextcloud Server's brute force protection allows someone to send more requests than intended
Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When multiple requests were sent in parallel, all of them were executed even if the number of faulty requests exceeded the limit by the time the response was sent to the client. This allowed someone to...
User scoped external storage can be used to gather credentials of other users
None...
Password reset endpoint is not brute force protected
None...
Open redirect on "Unsupported browser" warning
None...
PT-2023-8429 · Nextcloud +2 · Nextcloud Enterprise Server +3
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 25.0.7; Nextcloud Server versions prior to 26.0.2; Nextcloud Enterprise Server versions prior to 21.0.9.12; Nextcloud Enterprise Server versions prior to 22.2.10.12; Nextcloud Enterprise Server versions prior to...