4992 matches found
CVE-2023-35927 Nextcloud system addressbooks can be modified by malicious trusted server
NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until...
CVE-2023-35173 End-to-End encrypted file-drops can be made inaccessible
Nextcloud End-to-end encryption app provides all the necessary APIs to implement End-to-End encryption on the client side. By providing an invalid meta data file, an attacker can make previously dropped files inaccessible. It is recommended that the Nextcloud End-to-end encryption app is upgraded...
CVE-2023-35173
CVE-2023-35173 involves the Nextcloud End-to-end encryption app: providing an invalid metadata file can render previously dropped files inaccessible, impacting availability. A fix is available in version 1.12.4. Public sources (Nextcloud advisories, GHSA) document the issue and the upgrade recomm...
CVE-2023-35172 Nextcloud Server password reset endpoint is not brute force protected
NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until...
CVE-2023-35172
Technical details about CVE-2023-35172 are not publicly provided in the supplied documents. Monitor for updates from vendors and security advisories.
CVE-2023-35171 Nextcloud Server vulnerable to open redirect on "Unsupported browser" warning
NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. Starting in version 26.0.0 and prior to version 26.0.2, an attacker could supply a URL that redirects an unsuspecting victim from a legitimate domain to an attacker's site...
CVE-2023-35171
CVE-2023-35171 affects Nextcloud Server and Nextcloud Enterprise Server, with the issue present from 26.0.0 up to, but not including, 26.0.2. An attacker could craft a URL that redirects a victim from a legitimate domain to the attacker’s site, enabling phishing-like behavior. A fix is available ...
Nextcloud security vulnerability
Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. A security vulnerability exists in Nextcloud Server that stems from allowing an attacker to access the login credentials of other users and take over their...
Nextcloud security vulnerability
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud End-to-end encryption app version 1.12.0 and earlier, which stems from a vulnerability that allows an attacker...
Nextcloud input validation error vulnerability
Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An input validation error vulnerability exists in Nextcloud Server, which originates from a URL that allows an attacker to redirect a victim from a...
Nextcloud security vulnerability
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server that stems from a vulnerability that allows an attacker to brute force a password reset link. Affected...
PT-2023-25183 · Nextcloud · Nextcloud End-To-End Encryption
Name of the Vulnerable Software and Affected Versions: Nextcloud End-to-end encryption app versions prior to 1.12.4 Description: The Nextcloud End-to-end encryption app provides APIs for implementing End-to-End encryption on the client side. An issue exists where providing an invalid meta data fi...
PT-2023-8431 · Nextcloud +2 · Nextcloud Enterprise Server +3
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 25.0.0 through 25.0.7 Nextcloud Server versions 26.0.0 through 26.0.2 Nextcloud Enterprise Server versions 21.0.0 through 21.0.9.12 Nextcloud Enterprise Server versions 22.0.0 through 22.2.10.12 Nextcloud Enterprise...
PT-2023-8430 · Nextcloud +2 · Nextcloud Enterprise Server +3
Name of the Vulnerable Software and Affected Versions: NextCloud Server versions 26.0.0 through 26.0.1 NextCloud Enterprise Server versions 26.0.0 through 26.0.1 Description: The issue is related to open redirect vulnerability in Nextcloud Server and Nextcloud Enterprise Server. An attacker could...
Nextcloud access control error vulnerability
Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An access control error vulnerability exists in NextCloud Server that originates from allowing a malicious server to modify or delete VCard in the source...