4992 matches found
Notes attachment render HTML in preview mode
None...
user_oidc app stores client secret unencrypted in database
None...
Issuer not verified from obtained token in user_oidc
None...
Advanced permissions not respected when copying entire group folders
None...
PT-2023-27171 · User Oidc +1 · User Oidc +1
Name of the Vulnerable Software and Affected Versions: user oidc versions 1.0.0 through 1.3.2 Description: The issue affects the user oidc module, which provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. An attacker with at least read access to a snapshot of the...
Nextcloud Access Control Error Vulnerability
Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. An access control error vulnerability exists in Nextcloud Server that stems from a lack of password validation...
Nextcloud Access Control Error Vulnerability
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An Access Control Error vulnerability exists in Nextcloud Server. An attacker exploiting this vulnerability could delete any personal or global external...
Nextcloud user_oidc security vulnerability
Nextcloud useroidc is an application from Nextcloud, Germany. A security vulnerability exists in Nextcloud useroidc version 1.0.0 through versions prior to 1.3.3, which stems from a lack of validation of the issuer...
Nextcloud user_oidc security vulnerability
Nextcloud useroidc is an application from Nextcloud, Germany. A security vulnerability exists in Nextcloud useroidc version 1.0.0 through versions prior to 1.3.3. An attacker can exploit this vulnerability to impersonate the Nextcloud server against a linked server...
Nextcloud Access Control Error Vulnerability
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An Access Control Error vulnerability exists in Nextcloud Server. An attacker exploiting this vulnerability could send a DAV request that would indicate to...
Nextcloud Access Control Error Vulnerability
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An access control error vulnerability exists in Nextcloud Server. An attacker could exploit the vulnerability to access files within subfolders of a group...
PT-2023-5256 · Nextcloud +2 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 22.0.0 through 22.2.10.12 Nextcloud Server versions 23.0.0 through 23.0.12.7 Nextcloud Server versions 24.0.0 through 24.0.12.3 Nextcloud Server versions 25.0.0 through 25.0.7 Nextcloud Server versions 26.0.0 through...
PT-2023-5259 · Nextcloud +2 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 25.0.0 through 25.0.8 Nextcloud Server versions 26.0.0 through 26.0.3 Nextcloud Server versions 27.0.0 through 27.0.0 Description: The issue is related to improper access control in Nextcloud Server, which provides...
PT-2023-5257 · Nextcloud +2 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 20.0.0 through 20.0.14.14 Nextcloud Server versions 21.0.0 through 21.0.9.12 Nextcloud Server versions 22.0.0 through 22.2.10.13 Nextcloud Server versions 23.0.0 through 23.0.12.7 Nextcloud Server versions 24.0.0...
PT-2023-27175 · Nextcloud +1 · Nextcloud Server +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 24.0.4 through 25.0.8 Nextcloud Server versions 26.0.0 through 26.0.3 Nextcloud Server versions 27.0.0 through 27.0.0 Description: Nextcloud Server provides data storage for Nextcloud, an open source cloud platform...
PT-2023-27170 · Nextcloud · Nextcloud +1
Name of the Vulnerable Software and Affected Versions: user oidc versions 1.0.0 through 1.3.2 Description: The issue is related to the missing verification of the issuer in the user oidc module for Nextcloud, allowing an attacker to perform a man-in-the-middle attack by returning corrupted or kno...
Nextcloud Security Breach
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server. An attacker could use this vulnerability to brute-force break the client secrets of a configured OAuth...
PT-2023-27173 · Nextcloud · Nextcloud Talk Android
Name of the Vulnerable Software and Affected Versions: Nextcloud Talk Android versions prior to 17.0.0 Description: Nextcloud Talk Android allows users to place video and audio calls through Nextcloud on Android. An unprotected intent in versions prior to 17.0.0 allowed malicious third-party apps...
Nextcloud Notes 跨站脚本漏洞
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A cross-site scripting vulnerability exists in Nextcloud Notes version 4.4.0 up to and including 4.8.0, which stems from the fact that when a notes file is...
Nextcloud Access Control Error Vulnerability
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An access control error vulnerability exists in Nextcloud Server. An attacker could exploit the vulnerability to inline add an image to a text file and...