1082 matches found
CVE-2022-39211 Server-Side Request Forgery (SSRF) via potential filter bypass in Nextcloud Server
Nextcloud server is an open source personal cloud platform. In affected versions it was found that locally running webservices can be found and requested erroneously. It is recommended that the Nextcloud Server is upgraded to 23.0.8 or 24.0.4. It is recommended that the Nextcloud Enterprise Serve...
CVE-2022-36074 Authentication headers exposed by Nextcloud Server
Nextcloud server is an open source personal cloud product. Affected versions of this package are vulnerable to Information Exposure which fails to strip the Authorization header on HTTP downgrade. This can lead to account access exposure and compromise. It is recommended that the Nextcloud Server...
Authentication header is passed on by Nextcloud Server due to a vulnerable GuzzleHTTP version
PT-2022-24812 · Nextcloud +1 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 23.0.8; Nextcloud Server versions prior to 24.0.4; Nextcloud Enterprise Server versions prior to 22.2.10.4; Nextcloud Enterprise Server versions prior to 23.0.8; Nextcloud Enterprise Server versions prior to...
PT-2022-24916 · Nextcloud +1 · Nextcloud Server +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 22.2.10; Nextcloud Server versions prior to 23.0.7; Nextcloud Server versions prior to 24.0.3. Description: The Nextcloud server is an open source personal cloud server. Affected versions of the Nextcloud serve...
PT-2022-23162 · Nextcloud +1 · Nextcloud Enterprise Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 23.0.7; Nextcloud Server versions prior to 24.0.3; Nextcloud Enterprise Server versions prior to 22.2.11; Nextcloud Enterprise Server versions prior to 23.0.7; Nextcloud Enterprise Server versions prior to 24.0....
Nextcloud Server < 22.2.7, 23.x < 23.0.4 Insufficient Logging Vulnerability (GHSA-9qvg-7fwg-722x)
Nextcloud Server is prone to an insufficient logging vulnerability.
CVE-2022-31120
Nextcloud server is an open source personal cloud solution. The audit log, which is used to get a full trail of actions, has been incompletely populated. In affected versions federated share events were not properly logged, which would allow brute force attacks to go unnoticed. This behavior...
CVE-2022-31120
Summary: CVE-2022-31120 affects Nextcloud Server. The issue is that federated share events were not properly logged in the audit log, enabling potential brute-force attempts to go unnoticed and exacerbating the impact of CVE-2022-31118. What’s affected: Nextcloud Server (versions before upgrades ...
CVE-2022-31120 Federated share accepting/declining is not logged in audit log in Nextcloud Server
Nextcloud server is an open source personal cloud solution. The audit log, which is used to get a full trail of actions, has been incompletely populated. In affected versions federated share events were not properly logged, which would allow brute force attacks to go unnoticed. This behavior...
CVE-2022-31118 Missing brute force protection on cloud federation sharing in Nextcloud Server
Nextcloud server is an open source personal cloud solution. In affected versions an attacker could brute force to find if federated sharing is being used and potentially try to brute force access tokens for federated shares (a-zA-Z0-9 ^ 15). It is recommended that the Nextcloud Server is upgraded t...
Missing brute force protection on cloud federation sharing
PT-2022-20543 · Nextcloud +1 · Nextcloud Server +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 22.2.7; Nextcloud Server versions prior to 23.0.4; Nextcloud Server versions prior to 24.0.0. Description: The issue concerns the audit log in Nextcloud Server, which is used to track actions but was not proper...
CVE-2022-31014 SMTP Command Injection in iCalendar Attachments to emails via newlines in Nextcloud Server
Nextcloud server is an open source personal cloud server. Affected versions were found to be vulnerable to SMTP command injection. The impact varies based on which commands are supported by the backend SMTP server. However, the main risk here is that the attacker can then hijack an...
Nextcloud Server < 22.2.7, 23.x < 23.0.4 DoS Vulnerability (GHSA-7cwm-qph5-4h5w)
Nextcloud Server is prone to a denial of service (DoS) vulnerability.