4992 matches found

OpenVAS
added 2023/01/09 12:0 a.m., 7 views

Nextcloud Server < 23.0.10, 24.0.x < 24.0.6 Multiple Vulnerabilities in 3rd-party Component (GHSA-f4h6-pjhm-ph2h)

Nextcloud Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nextcloud:nextcloudserver"...

AI score: 7.3
Exploits: 0 | References: 1
Hacker One
added 2023/01/07 3:55 p.m., 19 views

Nextcloud: App pin of the Android app can be bypassed via 3rdparty apps generating deep links

Vulnerability description not provided...

AI score: 7.1
Exploits: 0
Hacker One
added 2023/01/03 8:44 a.m., 120 views

Nextcloud: No password length restriction in reset password endpoint

There was no password length restriction in the reset password endpoint of the Nextcloud platform, which could allow an attacker to perform a denial of service attack by entering a large number of characters as a password. The vulnerability has been mitigated by restricting users to use less than...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.01373
Exploits: 1
Tenable Nessus
added 2022/12/23 12:0 a.m., 24 views

Fedora 36 : nextcloud (2022-902df3b060)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-902df3b060 advisory. Security fix for CVE-2022-39346 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.0099
Exploits: 0 | References: 2
Tenable Nessus
added 2022/12/22 12:0 a.m., 22 views

Fedora 35 : nextcloud (2022-49b20342c0)

The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-49b20342c0 advisory. Security fix for CVE-2022-39346 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.0099
Exploits: 0 | References: 2
Positive Technologies
added 2022/12/21 12:0 a.m., 3 views

PT-2022-6377 · Nextcloud · Nextcloud Mail

Name of the Vulnerable Software and Affected Versions: Nextcloud mail versions prior to 1.15.0 Nextcloud mail versions prior to 2.2.2 Description: The issue is related to insufficient validation of incoming requests in the Nextcloud mail client, allowing a remote attacker to scan internal service...

CVSS: 5 | AI score: 4.5 | EPSS: 0.00919
Exploits: 1 | References: 10
Hacker One
added 2022/12/16 1:16 p.m., 26 views

Nextcloud: Permissions not respected when copying entire group folders

Vulnerability description not provided...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00802
Exploits: 0
Hacker One
added 2022/12/15 10:21 a.m., 47 views

Nextcloud: Mail app stores cleartext password in database until OAUTH2 setup is done

A vulnerability was found in the Nextcloud Mail app where the password for XOAUTH2 accounts was stored in clear text in the database during the setup process, until the OAUTH2 setup was completed. This could have allowed a database administrator to read the plaintext password...

CVSS: 6.5 | AI score: 6.2 | EPSS: 0.00475
Exploits: 0
Hacker One
added 2022/12/15 9:47 a.m., 28 views

Nextcloud: Reference fetch can saturate the server bandwidth for 10 seconds

A vulnerability existed in Nextcloud Talk that allowed an attacker to saturate the server bandwidth for up to 10 seconds by posting messages containing links to high-bandwidth resources. This could result in temporary disk space filling and severe impact on server performance or denial of service...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00624
Exploits: 0
Fedora
added 2022/12/09 1:33 a.m., 32 views

[SECURITY] Fedora 37 Update: nextcloud-25.0.1-1.fc37

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API...

CVSS: 6.5 | AI score: 5.4 | EPSS: 0.0099
Exploits: 0
Fedora
added 2022/12/09 12:51 a.m., 34 views

[SECURITY] Fedora 36 Update: nextcloud-25.0.1-1.fc36

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API...

CVSS: 6.5 | AI score: 5.4 | EPSS: 0.0099
Exploits: 0
Fedora
added 2022/12/09 12:49 a.m., 32 views

[SECURITY] Fedora 35 Update: nextcloud-25.0.1-1.fc35

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API...

CVSS: 6.5 | AI score: 5.4 | EPSS: 0.0099
Exploits: 0
OpenVAS
added 2022/12/09 12:0 a.m., 20 views

Fedora: Security Advisory for nextcloud (FEDORA-2022-902df3b060)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.0099
Exploits: 0 | References: 2
OpenVAS
added 2022/12/09 12:0 a.m., 21 views

Fedora: Security Advisory for nextcloud (FEDORA-2022-49b20342c0)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.0099
Exploits: 0 | References: 2
OpenVAS
added 2022/12/09 12:0 a.m., 16 views

Fedora: Security Advisory for nextcloud (FEDORA-2022-98c1d712b5)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.0099
Exploits: 0 | References: 2
Hacker One
added 2022/12/06 4:51 a.m., 13 views

Nextcloud: Website PHP source code returned in javascript

Server-side PHP source code was disclosed to users due to a misconfiguration or typographical error in the application's script, potentially exposing sensitive information such as database passwords and secret keys...

AI score: 7
Exploits: 0
OpenVAS
added 2022/12/06 12:0 a.m., 16 views

Nextcloud Server < 24.0.7, 25.x < 25.0.1 Improper Access Control Vulnerability (GHSA-9mh6-cph8-772c)

Nextcloud Server is prone to an improper access control vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS: 5.3 | AI score: 5.3 | EPSS: 0.00598
Exploits: 0 | References: 1
OpenVAS
added 2022/12/06 12:0 a.m., 11 views

Nextcloud Server < 23.0.11, 24.x < 24.0.7 DoS Vulnerability (GHSA-4gm7-j7wg-m4fx)

Nextcloud Server is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS: 2.7 | AI score: 3.6 | EPSS: 0.00806
Exploits: 0 | References: 1
Veracode
added 2022/12/05 5:27 a.m., 38 views

Cross-site Scripting (XSS)

nextcloud-desktop is vulnerable to cross-site scripting. An attacker can inject and execute malicious HyperText Markup Language into the Desktop Client application...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00882
Exploits: 1 | References: 4 | Affected Software: 1
Veracode
added 2022/12/05 5:27 a.m., 26 views

Cross-site Scripting (XSS)

nextcloud-desktop is vulnerable to cross-site scripting. The vulnerability exists in the ApplicationWindow function of Window.qml, which incorrectly neutralizes user-controllable input, allowing an attacker to inject and execute malicious JavaScript...

CVSS: 5.4 | AI score: 5.4 | EPSS: 0.00884
Exploits: 1 | References: 4 | Affected Software: 1