Design/Logic Flaw

Nextcloud server is an open source personal cloud server. Affected versions of nextcloud server did not properly limit user display names which could allow a malicious users to overload the backing database and cause a denial of service. It is recommended that the Nextcloud Server is upgraded to...

Missing length validation of user displayname allows to generate an SQL error

None...

CVE-2022-39346 Missing length validation of user displayname in nextcloud server

Nextcloud server is an open source personal cloud server. Affected versions of nextcloud server did not properly limit user display names which could allow a malicious users to overload the backing database and cause a denial of service. It is recommended that the Nextcloud Server is upgraded to...

CVE-2022-39346 Missing length validation of user displayname in nextcloud server

Nextcloud server is an open source personal cloud server. Affected versions of nextcloud server did not properly limit user display names which could allow a malicious users to overload the backing database and cause a denial of service. It is recommended that the Nextcloud Server is upgraded to...

Code injection

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server prior to versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server prior to versions 22.2.10.5, 23.0.9, and 24.0.5 an attacker reading nextcloud.log may gain knowledge of...

CVE-2022-39329

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 23.0.9 and 24.0.5 are vulnerable to exposure of information that cannot be controlled by administrators without direct database acces...

CVE-2022-39364 Exception logging in Sharepoint app reveals clear-text connection details

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server prior to versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server prior to versions 22.2.10.5, 23.0.9, and 24.0.5 an attacker reading nextcloud.log may gain knowledge of...

CVE-2022-39329 Profile of disabled user stays accessible

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 23.0.9 and 24.0.5 are vulnerable to exposure of information that cannot be controlled by administrators without direct database acces...

Nextcloud 安全漏洞

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. A security vulnerability exists in Nextcloud Server, Nextccloud Enterprise Server versions prior to 24.0.5. An attacker could exploit the vulnerability to...

Nextcloud 安全漏洞

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. A security vulnerability exists in Nextcloud Server, Nextccloud Enterprise Server versions prior to 24.0.5. An attacker could exploit the vulnerability to...

CVE-2022-39330 Database resource exhaustion for logged-in users via sharee recommendations with circles

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server prior to versions 22.2.10, 23.0.10, and 24.0.6 are vulnerable to a logged-in attacker slowing down the system by...

CVE-2022-39330

CVE-2022-39330 affects Nextcloud Server prior to 23.0.10 and 24.0.6, and Nextcloud Enterprise Server prior to 22.2.10, 23.0.10, 24.0.6. Description: a logged-in attacker can cause resource exhaustion (database/cpu load) by abusing sharee recommendations with the Circles feature; patches exist in ...

CVE-2022-39364

CVE-2022-39364 affects Nextcloud Server and Enterprise Server: reading nextcloud.log can reveal credentials to connect to a SharePoint service. Affected versions include Nextcloud Server prior to 23.0.9 and prior to 24.0.5; Nextcloud Enterprise Server prior to 22.2.10.5, 23.0.9, and 24.0.5. Patch...

PT-2022-24931 · Nextcloud +2 · Nextcloud Enterprise Server +3

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 23.0.9 and 24.0.5 Nextcloud Enterprise Server versions prior to 22.2.10.5, 23.0.9, and 24.0.5 Description: The issue affects Nextcloud Server, a file server software for the self-hosted productivity platform...

PT-2022-24903 · Nextcloud +1 · Nextcloud Enterprise Server +3

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 23.0.10 and 24.0.6 Nextcloud Enterprise Server versions prior to 22.2.10, 23.0.10, and 24.0.6 Description: The issue allows a logged-in attacker to slow down the system by generating a lot of database/cpu...

PT-2022-24902 · Nextcloud +1 · Nextcloud Enterprise Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 23.0.9 Nextcloud Enterprise Server versions prior to 24.0.5 Description: The issue concerns exposure of information that cannot be controlled by administrators without direct database access. This affects...

CVE-2022-39364 Exception logging in Sharepoint app reveals clear-text connection details

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server prior to versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server prior to versions 22.2.10.5, 23.0.9, and 24.0.5 an attacker reading nextcloud.log may gain knowledge of...

CVE-2022-39330 Database resource exhaustion for logged-in users via sharee recommendations with circles

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server prior to versions 22.2.10, 23.0.10, and 24.0.6 are vulnerable to a logged-in attacker slowing down the system by...

Nextcloud Server < 23.0.7, 24.x < 24.0.3 Information Disclosure Vulnerability (GHSA-vqgm-f748-g76v)

Nextcloud Server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Nextcloud Server < 23.0.8, 24.x < 24.0.4 SSRF Vulnerability (GHSA-rmf9-w497-8cq8)

Nextcloud Server is prone to a server-side request forgery SSRF vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...