4992 matches found
CVE-2023-30539
Nextcloud is a personal home server system. Depending on the set up tags and other workflows this issue can be used to limit access of others or being able to grant them access when there are system tag based files access control or files retention rules. It is recommended that the Nextcloud Serv...
CVE-2023-30540
Nextcloud Talk is a chat, video & audio call extension for Nextcloud. In affected versions a user that was added later to a conversation can use this information to get access to data that was deleted before they were added to the conversation. This issue has been patched in version 15.0.5 and it...
Code injection
Nextcloud is a personal home server system. Depending on the set up tags and other workflows this issue can be used to limit access of others or being able to grant them access when there are system tag based files access control or files retention rules. It is recommended that the Nextcloud Serv...
Design/Logic Flaw
Nextcloud Talk is a chat, video & audio call extension for Nextcloud. In affected versions a user that was added later to a conversation can use this information to get access to data that was deleted before they were added to the conversation. This issue has been patched in version 15.0.5 and it...
CVE-2023-30540
CVE-2023-30540 affects Nextcloud Talk (Nextcloud extension). A user added later to a conversation could access data that had already been deleted before their addition, representing an information disclosure. The issue has been patched in Nextcloud Talk 15.0.5; upgrading to 15.0.5 is recommended....
CVE-2023-30540 Chat poll data can still be queried from API after purging history in Nextcloud talk
Nextcloud Talk is a chat, video & audio call extension for Nextcloud. In affected versions a user that was added later to a conversation can use this information to get access to data that was deleted before they were added to the conversation. This issue has been patched in version 15.0.5 and it...
CVE-2023-30540 Chat poll data can still be queried from API after purging history in Nextcloud talk
Nextcloud Talk is a chat, video & audio call extension for Nextcloud. In affected versions a user that was added later to a conversation can use this information to get access to data that was deleted before they were added to the conversation. This issue has been patched in version 15.0.5 and it...
CVE-2023-30540 Chat poll data can still be queried from API after purging history in Nextcloud talk
Nextcloud Talk is a chat, video & audio call extension for Nextcloud. In affected versions a user that was added later to a conversation can use this information to get access to data that was deleted before they were added to the conversation. This issue has been patched in version 15.0.5 and it...
CVE-2023-30539 Users can set up workflows using restricted and invisible system tags in Nextcloud
Nextcloud is a personal home server system. Depending on the set up tags and other workflows this issue can be used to limit access of others or being able to grant them access when there are system tag based files access control or files retention rules. It is recommended that the Nextcloud Serv...
CVE-2023-30539
Nextcloud Server/server family suffers an access control vulnerability where system tag based file access control or file retention rules can be abused to limit or grant access. Affected: Nextcloud Server, Enterprise Server, and related Files automated tagging app. Root cause: misapplied access c...
CVE-2023-30539 Users can set up workflows using restricted and invisible system tags in Nextcloud
Nextcloud is a personal home server system. Depending on the set up tags and other workflows this issue can be used to limit access of others or being able to grant them access when there are system tag based files access control or files retention rules. It is recommended that the Nextcloud Serv...
CVE-2023-30539 Users can set up workflows using restricted and invisible system tags in Nextcloud
Nextcloud is a personal home server system. Depending on the set up tags and other workflows this issue can be used to limit access of others or being able to grant them access when there are system tag based files access control or files retention rules. It is recommended that the Nextcloud Serv...
Chat poll data can still be queried from API after purging history of a chat converstion
None...
Users can set up workflows using restricted and invisible system tags
None...
Nextcloud 信息泄露漏洞
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An information disclosure vulnerability exists in versions of Nextcloud prior to 15.0.5, which stems from a user who is later added to a conversation being...
Nextcloud 访问控制错误漏洞
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud suffers from an access control error vulnerability that stems from the fact that when a system label-based file access control or file retention...
PT-2023-22767 · Nextcloud · Nextcloud Talk
Name of the Vulnerable Software and Affected Versions: Nextcloud Talk versions prior to 15.0.5 Description: The issue allows a user added later to a conversation to access data that was deleted before they were added. This is a problem in Nextcloud Talk, a chat, video, and audio call extension fo...
Nextcloud Server 25.x < 25.0.3 DoS Vulnerability (GHSA-53q2-cm29-7j83)
Nextcloud Server is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Nextcloud Server 24.0.4 < 24.0.7, 25.x < 25.0.1 Improper Access Control Vulnerability (GHSA-7w6h-5qgw-4j94)
Nextcloud Server is prone to an improper access control vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Nextcloud: Missing permission check when removing a photo from an album
There was a vulnerability in the Nextcloud application where the permission check was missing when removing a photo from an album...