Nextcloud server 处理逻辑错误漏洞

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A processing logic error vulnerability exists in the Nextcloud server, which stems from the fact that the Nextcloud server is vulnerable to brute-force attack...

Nextcloud Server Multiple Vulnerabilities (May 2021)

Nextcloud Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nextcloud:nextcloudserver"...

Command injection

Nextcloud Server is a Nextcloud package that handles data storage. In versions of Nextcloud Server prior to 10.0.11, 20.0.10, and 21.0.2, a malicious user may be able to break the user administration page. This would disallow administrators to administrate users on the Nextcloud instance. The...

CVE-2021-32657 Malicious user could break user administration page

Nextcloud Server is a Nextcloud package that handles data storage. In versions of Nextcloud Server prior to 10.0.11, 20.0.10, and 21.0.2, a malicious user may be able to break the user administration page. This would disallow administrators to administrate users on the Nextcloud instance. The...

CVE-2021-32656 Trusted servers exchange can be triggered by attacker

Nextcloud Server is a Nextcloud package that handles data storage. A vulnerability in federated share exists in versions prior to 19.0.11, 20.0.10, and 21.0.2. An attacker can gain access to basic information about users of a server by accessing a public link that a legitimate server user added a...

CVE-2021-32655

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to convert a Files Drop link to a federated share. This causes an issue on the UI side of the sharing user. When the sharing user opens the sharing panel and...

CVE-2021-32655

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to convert a Files Drop link to a federated share. This causes an issue on the UI side of the sharing user. When the sharing user opens the sharing panel and...

CVE-2021-32654

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to receive write/read privileges on any Federated File Share. Since public links can be added as federated file share, this can also be exploited on any public...

Code injection

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to convert a Files Drop link to a federated share. This causes an issue on the UI side of the sharing user. When the sharing user opens the sharing panel and...

CVE-2021-32655

The CVE-2021-32655 entry concerns Nextcloud Server: in versions prior to 19.0.11, 20.0.10, and 21.0.2 an attacker could convert a Files Drop link into a federated share. When the sharing user opens the panel and removes the Create privileges from this unexpected share, the system silently grants ...

CVE-2021-32655 Files Drop public link can be added as federated share

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to convert a Files Drop link to a federated share. This causes an issue on the UI side of the sharing user. When the sharing user opens the sharing panel and...

CVE-2021-32653

Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server versions prior to 19.0.11, 20.0.10, or 21.0.2 send user IDs to the lookup server even if the user has no fields set to published. The vulnerability is patched in versions 19.0.11, 20.0.10, and 21.0.2; no workaroun...

Code injection

Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server versions prior to 19.0.11, 20.0.10, or 21.0.2 send user IDs to the lookup server even if the user has no fields set to published. The vulnerability is patched in versions 19.0.11, 20.0.10, and 21.0.2; no workaroun...

CVE-2021-32653

CVE-2021-32653 affects Nextcloud Server. The issue leaks user IDs to the lookup server even when user fields are not published. Patched in Nextcloud versions 19.0.11, 20.0.10, and 21.0.2; no workarounds outside updating are known. Connected sources from Gentoo GLSA and GHSA advisories corroborate...

CVE-2021-32653 Default settings leak federated cloud ID to lookup server of all users

Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server versions prior to 19.0.11, 20.0.10, or 21.0.2 send user IDs to the lookup server even if the user has no fields set to published. The vulnerability is patched in versions 19.0.11, 20.0.10, and 21.0.2; no workaroun...

Attacker can obtain write access to any federated share/public link

None...

Github json-smart-v1 缓冲区错误漏洞

Github json-smart-v1 is a Github open source application . Provides all non-indexed data in the data store as serialized JSON messages stored in the columns function . A security vulnerability exists in JSON Smart versions 1.3 and 2.4, which originates in the indexOf function of JSONParserByteArr...

PT-2021-19832 · Nextcloud +1 · Nextcloud Server +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 19.0.11 Nextcloud Server versions prior to 20.0.10 Nextcloud Server versions prior to 21.0.2 Description: The issue allows an attacker to gain write/read privileges on any Federated File Share. This can also...

PT-2021-19833 · Nextcloud +1 · Nextcloud Server +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 19.0.11 Nextcloud Server versions prior to 20.0.10 Nextcloud Server versions prior to 21.0.2 Description: The issue arises when an attacker converts a Files Drop link to a federated share, causing problems o...

PT-2021-19835 · Nextcloud +1 · Nextcloud Server +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 10.0.11 Nextcloud Server versions prior to 20.0.10 Nextcloud Server versions prior to 21.0.2 Description: A malicious user may be able to break the user administration page, disallowing administrators to...