4992 matches found

Positive Technologies
added 2023/06/23 12:0 a.m. · 5 views

PT-2023-3557 · Nextcloud +2 · Nextcloud Enterprise Server +3

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 25.0.0 through 25.0.7 Nextcloud Server versions 26.0.0 through 26.0.2 Nextcloud Enterprise Server versions 19.0.0 through 19.0.13.9 Nextcloud Enterprise Server versions 20.0.0 through 20.0.14.14 Nextcloud Enterprise...

CVSS 9.8 · AI score 5.8 · EPSS 0.01041
Exploits 6 · References 95

OpenVAS
added 2023/06/23 12:0 a.m. · 25 views

Nextcloud Server 25.x < 25.0.7, 26.x < 26.0.2 Multiple Vulnerabilities (GHSA-qphh-6xh7-vffg, GHSA-mjf5-p765-qmr6, GHSA-h7f7-535f-7q87, GHSA-637g-xp2c-qh5h)

Nextcloud Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nextcloud:nextcloudserver"...

CVSS 9.1 · AI score 7.3 · EPSS 0.00981
Exploits 0 · References 4

OpenVAS
added 2023/06/23 12:0 a.m. · 19 views

Nextcloud Server 26.x < 26.0.2 Open Redirect Vulnerability (GHSA-h353-vvwv-j2r4)

Nextcloud Server is prone to an open redirect vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 6.1 · AI score 6.2 · EPSS 0.00593
Exploits 1 · References 1

OpenVAS
added 2023/06/23 12:0 a.m. · 23 views

Nextcloud Server 25.x < 25.0.7, 26.x < 26.0.2 Brute Force Protection Vulnerability (GHSA-qphh-6xh7-vffg)

Nextcloud Server is prone to vulnerability in the brute force protection. This VT has been deprecated and replaced by the VT SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

CVSS 8.7 · AI score 8 · EPSS 0.00872
Exploits 0 · References 1

NVD
added 2023/06/22 9:15 p.m. · 20 views

CVE-2023-32320

Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When multiple requests are sent in parallel, all of them were executed even if the amount of faulty requests succeeded the limit by the time the response was sent to the client. This allowed someone to...

CVSS 8.7 · AI score 8.6 · EPSS 0.00872
Exploits 0 · References 3

Prion
added 2023/06/22 9:15 p.m. · 20 views

Design/Logic Flaw

Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When multiple requests are sent in parallel, all of them were executed even if the amount of faulty requests succeeded the limit by the time the response was sent to the client. This allowed someone to...

CVSS 5 · AI score 7.4 · EPSS 0.00872
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2023/06/22 8:57 p.m. · 33 views

CVE-2023-32320 Nextcloud Server's brute force protection allows someone to send more requests than intended

Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When multiple requests are sent in parallel, all of them were executed even if the amount of faulty requests succeeded the limit by the time the response was sent to the client. This allowed someone to...

CVSS 8.7 · AI score 8.7 · EPSS 0.00872
Exploits 0 · References 3

Vulnrichment
added 2023/06/22 8:57 p.m. · 13 views

CVE-2023-32320 Nextcloud Server's brute force protection allows someone to send more requests than intended

Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When multiple requests are sent in parallel, all of them were executed even if the amount of faulty requests succeeded the limit by the time the response was sent to the client. This allowed someone to...

CVSS 8.7 · AI score 6.7 · EPSS 0.00872
Exploits 0 · References 3

CVE
added 2023/06/22 8:57 p.m. · 72 views

CVE-2023-32320

CVE-2023-32320 affects Nextcloud Server and Enterprise Server where, under parallel requests, the system could ignore the configured request limit and process faulty requests beyond the limit, enabling brute-force-like access to protected details. Affected versions include Nextcloud Server 25.0.7...

CVSS 8.7 · AI score 7.7 · EPSS 0.00872
Exploits 0 · References 3 · Affected Software 1

OSV
added 2023/06/22 8:57 p.m. · 28 views

CVE-2023-32320 Nextcloud Server's brute force protection allows someone to send more requests than intended

Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When multiple requests are sent in parallel, all of them were executed even if the amount of faulty requests succeeded the limit by the time the response was sent to the client. This allowed someone to...

CVSS 8.7 · AI score 7.6 · EPSS 0.00872
Exploits 0 · References 5

Nextcloud
added 2023/06/22 1:24 p.m. · 36 views

User scoped external storage can be used to gather credentials of other users

None...

CVSS 8.8 · AI score 8 · EPSS 0.00981
Exploits 0 · References 2 · Affected Software 1

Nextcloud
added 2023/06/22 1:22 p.m. · 47 views

System addressbooks can be modified by malicious trusted server

None...

CVSS 8.1 · AI score 7.8 · EPSS 0.00805
Exploits 0 · References 2 · Affected Software 1

Nextcloud
added 2023/06/22 6:17 a.m. · 79 views

Password reset endpoint is not brute force protected

None...

CVSS 9.1 · AI score 8.4 · EPSS 0.00918
Exploits 0 · References 2 · Affected Software 1

Nextcloud
added 2023/06/22 6:15 a.m. · 40 views

Open redirect on "Unsupported browser" warning

None...

CVSS 6.1 · AI score 6 · EPSS 0.00593
Exploits 1 · References 2 · Affected Software 1

Nextcloud
added 2023/06/22 6:13 a.m. · 26 views

End-to-End encrypted file-drops can be made inaccessible

None...

CVSS 6.5 · AI score 6.4 · EPSS 0.00493
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2023/06/22 12:0 a.m. · 3 views

PT-2023-8429 · Nextcloud +2 · Nextcloud Enterprise Server +3

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 25.0.7 Nextcloud Server versions prior to 26.0.2 Nextcloud Enterprise Server versions prior to 21.0.9.12 Nextcloud Enterprise Server versions prior to 22.2.10.12 Nextcloud Enterprise Server versions prior to...

CVSS 9.8 · AI score 5.8 · EPSS 0.01041
Exploits 6 · References 94

CNNVD
added 2023/06/22 12:0 a.m. · 5 views

Nextcloud Security Vulnerability

Nextcloud is Germany's Nextcloud company's set of open source self-hosted file synchronization and sharing communication application platform. A security vulnerability exists in Nextcloud Server versions 25.0.7, 26.0.2, Nextcloud Enterprise Server versions 21.0.9.12, 22.2.10.12, 23.0.12.7,...

CVSS 8.7 · AI score 7.3 · EPSS 0.00872
Exploits 0 · References 4

Redos
added 2023/06/16 12:0 a.m. · 18 views

ROS-20230616-06

Nextcloud Mail application vulnerability is related to insufficient validation of user-entered data in the Mail app on the avatar endpoint. Exploitation of the vulnerability could allow an attacker, acting remotely, to access sensitive data...

CVSS 5.3 · AI score 5.4 · EPSS 0.00529
Exploits 0

NVD
added 2023/05/30 6:16 a.m. · 22 views

CVE-2023-33183

Calendar app for Nextcloud easily sync events from various devices with your Nextcloud. Some internal paths of the website are disclosed when the SMTP server is unavailable. It is recommended that the Calendar app is updated to 3.5.5 or 4.2.3...

CVSS 4.3 · AI score 4.1 · EPSS 0.00438
Exploits 0 · References 2

Prion
added 2023/05/30 6:16 a.m. · 19 views

Code injection

Calendar app for Nextcloud easily sync events from various devices with your Nextcloud. Some internal paths of the website are disclosed when the SMTP server is unavailable. It is recommended that the Calendar app is updated to 3.5.5 or 4.2.3...

CVSS 4 · AI score 4.7 · EPSS 0.00438
Exploits 0 · References 2 · Affected Software 1