Nextcloud Talk Security Vulnerability

Nextcloud Talk is a self-hosted local audio/video and chat communication service from Nextcloud Germany. A security vulnerability exists in Nextcloud Talk. An attacker could exploit the vulnerability to obtain password information...

PT-2023-29634 · Nextcloud · Nextcloud Mail

Name of the Vulnerable Software and Affected Versions: Nextcloud Mail versions prior to 2.2.8 Nextcloud Mail versions prior to 3.3.0 Description: The issue is related to a missing check of origin, target, and cookies in Nextcloud Mail, allowing an attacker to abuse the proxy endpoint and cause a...

Nextcloud Security Breach

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud. An attacker can exploit the vulnerability to elevate privileges...

Nextcloud Security Breach

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor...

Nextcloud Server < 22.2.10.14, 23.x < 23.0.12.9, 24.x < 24.0.12.5, 25.x < 25.0.9, 26.x < 26.0.4 Improper Access Control Vulnerability (GHSA-2hrc-5fgp-c9c9)

Nextcloud Server is prone to an improper access control vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

PT-2023-29439 · Nextcloud · Nextcloud Talk

Name of the Vulnerable Software and Affected Versions: Nextcloud Talk versions prior to 15.0.8 Nextcloud Talk versions prior to 16.0.6 Nextcloud Talk versions prior to 17.1.1 Description: The issue concerns the brute force protection of public talk conversation passwords in Nextcloud Talk, a chat...

PT-2023-6441 · Nextcloud +2 · Nextcloud +2

Name of the Vulnerable Software and Affected Versions: Nextcloud versions prior to 25.0.8 Nextcloud versions prior to 26.0.3 Nextcloud versions prior to 27.0.1 Description: The issue is related to the storage of OAuth2 tokens in plaintext in Nextcloud, allowing an attacker who has gained access t...

Nextcloud: HTML injection in search UI when selecting a circle with HTML in the display name

An HTML injection vulnerability was discovered in the search user interface of a cloud application. When selecting a circle with HTML in the display name, this could allow redirection to malicious websites or other adverse impacts such as data theft, phishing, or malware distribution...

CVE-2023-39960

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server starting with 25.0.0 and prior to 25.09 and 26.04; as well as Nextcloud Enterprise Server starting with 22.0.0 and prior to 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4; missing...

Code injection

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server starting with 25.0.0 and prior to 25.09 and 26.04; as well as Nextcloud Enterprise Server starting with 22.0.0 and prior to 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4; missing...

CVE-2023-39960 Nextcloud Server has improper restriction of excessive authentication attempts on WebDAV endpoint

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server starting with 25.0.0 and prior to 25.09 and 26.04; as well as Nextcloud Enterprise Server starting with 22.0.0 and prior to 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4; missing...

CVE-2023-39960 Nextcloud Server has improper restriction of excessive authentication attempts on WebDAV endpoint

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server starting with 25.0.0 and prior to 25.09 and 26.04; as well as Nextcloud Enterprise Server starting with 22.0.0 and prior to 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4; missing...

CVE-2023-39960

Technical details for CVE-2023-39960 are not publicly available in the provided documents; monitor for updates.

CVE-2023-39960 Nextcloud Server has improper restriction of excessive authentication attempts on WebDAV endpoint

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server starting with 25.0.0 and prior to 25.09 and 26.04; as well as Nextcloud Enterprise Server starting with 22.0.0 and prior to 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4; missing...

Improper restriction of excessive authentication attempts on WebDAV endpoint

None...

Nextcloud Security Breach

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server that stems from allowing an attacker to brute-force break passwords on the WebDAV API. Affected product...

The vulnerability of cloud-based software for creating and using Nextcloud storage solutions is related to improper access control, which allows attackers to gain unauthorized access to protected information.

The vulnerability of cloud-based software for creating and using Nextcloud storage solutions is related to improper access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

The vulnerability of cloud-based software for creating and using Nextcloud storage solutions is related to an improper limitation on excessive authentication attempts. This allows a hacker to access the secret data of configured OAuth2 clients.

The vulnerability of cloud-based software for creating and using Nextcloud storage solutions is related to an improper limitation on excessive authentication attempts. Exploiting this vulnerability could allow a malicious actor to access the secret data of configured OAuth2 clients remotely...

The vulnerability of cloud-based software for creating and using Nextcloud storage solutions is related to improper access control, which allows attackers to gain unauthorized access to protected information.

The vulnerability of cloud-based software for creating and using Nextcloud storage solutions is related to improper access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information by sending a DAV request that reveals...

The vulnerability of cloud-based software for creating and using Nextcloud data storage solutions is related to improper access control, which allows a hacker to change user passwords.

The vulnerability of cloud-based software for creating and using Nextcloud storage solutions is related to the absence of password confirmation for users who access the system. Exploiting this vulnerability can allow attackers to change user passwords...