4992 matches found
CVE-2023-33182
Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. The unsanitized SVG is converted to a JavaScript blob in memory data that the Avatar can't render. Due to this constellation the missing sanitization does not seem to be exploitable. It i...
Design/Logic Flaw
Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. The unsanitized SVG is converted to a JavaScript blob in memory data that the Avatar can't render. Due to this constellation the missing sanitization does not seem to be exploitable. It i...
CVE-2023-33183
Summary: CVE-2023-33183 affects the Nextcloud Calendar app. An issue disclosed internal website paths when the SMTP server is unavailable, enabling information disclosure. Affected versions (Calendar app): prior to 3.5.5 and prior to 4.2.3. Impact (per sources): exposure of internal paths; limite...
CVE-2023-33183 Error in calendar when booking an appointment reveals the full path of the website
Calendar app for Nextcloud easily syncs events from various devices with your Nextcloud. Some internal paths of the website are disclosed when the SMTP server is unavailable. It is recommended that the Calendar app is updated to 3.5.5 or 4.2.3...
CVE-2023-33182 Nextcloud Contacts photos only sanitized if mime type is all lower case
Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. The unsanitized SVG is converted to a JavaScript blob in memory data that the Avatar can't render. Due to this constellation the missing sanitization does not seem to be exploitable. It i...
CVE-2023-33182
CVE-2023-33182 concerns the Nextcloud Contacts app. The provided documents describe handling of unsanitized SVG files that are converted to a JavaScript blob in memory, which the Avatar component cannot render. The lack of sanitization is mentioned, but the sources consistently state that this co...
SUSE CVE-2023-32318
Nextcloud server provides a home for data. A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout if cookies were not cleared manually. After successfully authenticating with any other account the previous...
SUSE CVE-2023-32319
Nextcloud server is an open source personal cloud implementation. Missing brute-force protection on the WebDAV endpoints via the basic auth header allowed to brute-force user credentials when the provided user name was not an email address. Users from version 24.0.0 onward are affected. This issu...
Nextcloud Contacts security vulnerability
Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Contacts 5.0.3 and earlier or 4.2.4 and earlier. No information about this vulnerability is available at this...
PT-2023-24199 · Nextcloud · Nextcloud Contacts
Name of the Vulnerable Software and Affected Versions: Nextcloud Contacts app versions prior to 4.2.4 Nextcloud Contacts app versions prior to 5.0.3 Description: The issue concerns the handling of unsanitized SVG files in the Contacts app for Nextcloud. These files are converted into JavaScript...
Nextcloud Calendar security vulnerability
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Calendar v4.2.2 and earlier, v3.5.4 and earlier, which stems from the disclosure of certain internal paths to ...
CVE-2023-33184
Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is updated to version 3.02, 2.2.5 or 1.15.3...
Server-side request forgery (SSRF)
Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is updated to version 3.02, 2.2.5 or 1.15.3...
CVE-2023-33184
CVE-2023-33184 affects the Nextcloud Mail app in Nextcloud. A blind SSRF on the avatar endpoint could cause the app to send GET requests to internal services on the same web server. The available references indicate fixes are in Nextcloud Mail updates: v3.02, v2.2.5, or v1.15.3. There is no docum...
CVE-2023-33184 Blind SSRF in the Nextcloud Mail app on avatar endpoint
Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is updated to version 3.02, 2.2.5 or 1.15.3...