Nextcloud: Improper restriction of excessive authentication attempts on WebDAV endpoint
Vulnerability description not provided...
SUSE CVE-2023-25817
Nextcloud server is an open source, personal cloud implementation. In versions from 24.0.0 and before 24.0.9 a user could escalate their permissions to delete files they were not supposed to be able to delete, but only view or download. This issue has been addressed and it is recommended that the...
Nextcloud Server 24.x < 24.0.10, 25.x < 25.0.4 Missing Brute Force Protection Vulnerability (GHSA-v243-x6jc-42mp)
Nextcloud Server is prone to a missing brute force protection vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Nextcloud Server 24.x < 24.0.9 Incorrect Authorization Vulnerability (GHSA-8v5c-f752-fgpv)
Nextcloud Server is prone to an incorrect authorization vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2023-25817
Nextcloud server is an open source, personal cloud implementation. In versions from 24.0.0 and before 24.0.9 a user could escalate their permissions to delete files they were not supposed to be able to delete, but only view or download. This issue has been addressed and it is recommended that the...
Design/Logic Flaw
Nextcloud server is an open source, personal cloud implementation. In versions from 24.0.0 and before 24.0.9 a user could escalate their permissions to delete files they were not supposed to be able to delete, but only view or download. This issue has been addressed and it is recommended that the...
CVE-2023-25818
Nextcloud server is an open source, personal cloud implementation. In affected versions a malicious user could try to reset the password of another user and then brute force the 62^21 combinations for the password reset token. As of commit 704eb3aa password reset attempts are now throttled. Note...
Design/Logic Flaw
Nextcloud server is an open source, personal cloud implementation. In affected versions a malicious user could try to reset the password of another user and then brute force the 62^21 combinations for the password reset token. As of commit 704eb3aa password reset attempts are now throttled. Note...
CVE-2023-25817 Delete permissions are not saved when creating public share in Nextcloud server
Nextcloud server is an open source, personal cloud implementation. In versions from 24.0.0 and before 24.0.9 a user could escalate their permissions to delete files they were not supposed to be able to delete, but only view or download. This issue has been addressed and it is recommended that the...
CVE-2023-25817 Delete permissions are not saved when creating public share in Nextcloud server
Nextcloud server is an open source, personal cloud implementation. In versions from 24.0.0 and before 24.0.9 a user could escalate their permissions to delete files they were not supposed to be able to delete, but only view or download. This issue has been addressed and it is recommended that the...
CVE-2023-25817
CVE-2023-25817 pertains to Nextcloud Server where versions 24.0.0 through 24.0.8 allow a user to escalate permissions and delete files they should only view or download. Root cause details are not explicitly provided in the initial document beyond the vulnerability description, but the fix is cle...
CVE-2023-25817 Delete permissions are not saved when creating public share in Nextcloud server
Nextcloud server is an open source, personal cloud implementation. In versions from 24.0.0 and before 24.0.9 a user could escalate their permissions to delete files they were not supposed to be able to delete, but only view or download. This issue has been addressed and it is recommended that the...
CVE-2023-25818 Missing brute force protection on password reset token in Nextcloud Server
Nextcloud server is an open source, personal cloud implementation. In affected versions a malicious user could try to reset the password of another user and then brute force the 62^21 combinations for the password reset token. As of commit 704eb3aa password reset attempts are now throttled. Note...
CVE-2023-25818
CVE-2023-25818 affects Nextcloud Server in multiple versions: 24.0.0–24.0.10 and 25.0.0–25.0.4 (and related Enterprise/server variants). The root cause is lack of brute-force protection on authentication-related endpoints (password resets), enabling potential password-guessing attacks. A throttle...
CVE-2023-25818 Missing brute force protection on password reset token in Nextcloud Server
Nextcloud server is an open source, personal cloud implementation. In affected versions a malicious user could try to reset the password of another user and then brute force the 62^21 combinations for the password reset token. As of commit 704eb3aa password reset attempts are now throttled. Note...
CVE-2023-25818 Missing brute force protection on password reset token in Nextcloud Server
Nextcloud server is an open source, personal cloud implementation. In affected versions a malicious user could try to reset the password of another user and then brute force the 62^21 combinations for the password reset token. As of commit 704eb3aa password reset attempts are now throttled. Note...
Missing brute force protection on password reset token
None...
Delete permissions are not saved when creating public share
None...
Nextcloud Security Vulnerability
Nextcloud is an open source, self-hosted file synchronization, sharing and communication application platform from Nextcloud, Germany. A security vulnerability exists in versions prior to Nextcloud 24.0.9 that stems from the ability of users to escalate their privileges to delete files the...
Nextcloud Security Vulnerability
Nextcloud is an open source, self-hosted file synchronization, sharing and communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud versions 24.x prior to 24.0.10 and 25.x prior to 25.0.4, which stems from the possibility that a malicious use...