
4992 matches found

Veracode
added 2022/12/05 5:26 a.m., 28 views

Cross-site Scripting (XSS)

nextcloud-desktop is vulnerable to cross-site scripting. An attacker can inject and execute malicious HyperText Markup Language into the Desktop Client application through the notifications...

CVSS 5.4 | AI score 5.5 | EPSS 0.00864
Exploits 1 | References 4 | Affected Software 1

OpenVAS
added 2022/12/02 12:0 a.m., 15 views

Nextcloud Server < 23.0.10, 24.x < 24.0.5 DoS Vulnerability (GHSA-m92j-xxc8-hq3v)

Nextcloud Server is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...

CVSS 5.3 | AI score 5.2 | EPSS 0.00846
Exploits 0 | References 1

NVD
added 2022/12/01 9:15 p.m., 24 views

CVE-2022-41969

Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator can cause a limited DoS attack against their own server. Versions 23.0.11, 24.0.7, and 25.0.0 conta...

CVSS 2.7 | EPSS 0.00806
Exploits 0 | References 3

NVD
added 2022/12/01 9:15 p.m., 26 views

CVE-2022-41970

Nextcloud Server is an open source personal cloud server. Prior to versions 24.0.7 and 25.0.1, disabled download shares still allow download through preview images. Images could be downloaded and previews of a document's first page can be downloaded without being watermarked. Versions 24.0.7 and...

CVSS 5.3 | EPSS 0.00598
Exploits 0 | References 3

NVD
added 2022/12/01 9:15 p.m., 29 views

CVE-2022-41968

Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.10 and 24.0.5, calendar name lengths are not validated before writing to a database. As a result, an attacker can send unnecessary amounts of data against the database. Versions 23.0.10 and 24.0.5 contain patches for...

CVSS 5.3 | EPSS 0.00846
Exploits 0 | References 3

NVD
added 2022/12/01 9:15 p.m., 21 views

CVE-2022-41971

Nextcloud Talk Android is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.8, 13.0.10, 14.0.6, and 15.0.0, guests can continue to receive video streams from a call after being removed from a conversation. An attacker would be able to see videos on a call in a public...

CVSS 6.5 | EPSS 0.00757
Exploits 0 | References 3

Prion
added 2022/12/01 9:15 p.m., 12 views

Code injection

Nextcloud Server is an open source personal cloud server. Prior to versions 24.0.7 and 25.0.1, disabled download shares still allow download through preview images. Images could be downloaded and previews of a document's first page can be downloaded without being watermarked. Versions 24.0.7 and...

CVSS 5 | AI score 5.2 | EPSS 0.00598
Exploits 0 | References 3 | Affected Software 1

Prion
added 2022/12/01 9:15 p.m., 13 views

Code injection

Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator can cause a limited DoS attack against their own server. Versions 23.0.11, 24.0.7, and 25.0.0 conta...

CVSS 3.3 | AI score 4 | EPSS 0.00806
Exploits 0 | References 3 | Affected Software 1

Prion
added 2022/12/01 9:15 p.m., 15 views

Code injection

Nextcloud Talk Android is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.8, 13.0.10, 14.0.6, and 15.0.0, guests can continue to receive video streams from a call after being removed from a conversation. An attacker would be able to see videos on a call in a public...

CVSS 4 | AI score 6.3 | EPSS 0.00757
Exploits 0 | References 3 | Affected Software 1

Prion
added 2022/12/01 9:15 p.m., 13 views

Code injection

Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.10 and 24.0.5, calendar name lengths are not validated before writing to a database. As a result, an attacker can send unnecessary amounts of data against the database. Versions 23.0.10 and 24.0.5 contain patches for...

CVSS 5 | AI score 5.2 | EPSS 0.00846
Exploits 0 | References 3 | Affected Software 1

Vulnrichment
added 2022/12/01 8:55 p.m., 6 views

CVE-2022-41971 Nextcloud Talk guests can continue to receive video streams from call after being removed from a conversation

Nextcloud Talk Android is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.8, 13.0.10, 14.0.6, and 15.0.0, guests can continue to receive video streams from a call after being removed from a conversation. An attacker would be able to see videos on a call in a public...

CVSS 4.8 | AI score 6.3 | EPSS 0.00757
Exploits 0 | References 3

CVE
added 2022/12/01 8:55 p.m., 68 views

CVE-2022-41971

Nextcloud Talk for Android suffers a vulnerability where guests removed from a conversation can continue to receive video streams in a public call. Affected versions prior to 12.2.8, 13.0.10, 14.0.6, and 15.0.0 are vulnerable; patches are provided in those respective versions. The issue enables a...

CVSS 6.5 | AI score 5.6 | EPSS 0.00757
Exploits 0 | References 3 | Affected Software 1

OSV
added 2022/12/01 8:55 p.m., 21 views

CVE-2022-41971 Nextcloud Talk guests can continue to receive video streams from call after being removed from a conversation

Nextcloud Talk Android is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.8, 13.0.10, 14.0.6, and 15.0.0, guests can continue to receive video streams from a call after being removed from a conversation. An attacker would be able to see videos on a call in a public...

CVSS 4.8 | AI score 6.3 | EPSS 0.00757
Exploits 0 | References 5

Cvelist
added 2022/12/01 8:55 p.m., 27 views

CVE-2022-41971 Nextcloud Talk guests can continue to receive video streams from call after being removed from a conversation

Nextcloud Talk Android is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.8, 13.0.10, 14.0.6, and 15.0.0, guests can continue to receive video streams from a call after being removed from a conversation. An attacker would be able to see videos on a call in a public...

CVSS 4.8 | AI score 6.5 | EPSS 0.00757
Exploits 0 | References 3

Cvelist
added 2022/12/01 8:54 p.m., 37 views

CVE-2022-41970 Nextcloud Server's disabled download shares still allow download through preview images

Nextcloud Server is an open source personal cloud server. Prior to versions 24.0.7 and 25.0.1, disabled download shares still allow download through preview images. Images could be downloaded and previews of a document's first page can be downloaded without being watermarked. Versions 24.0.7 and...

CVSS 2.6 | AI score 5.4 | EPSS 0.00598
Exploits 0 | References 3

CVE
added 2022/12/01 8:54 p.m., 80 views

CVE-2022-41970

CVE-2022-41970 affects Nextcloud Server prior to 24.0.7 and 25.0.1, where disabled download shares could still be accessed via preview images. As a result, images could be downloaded and the first page of document previews could be downloaded without watermark, effectively bypassing intended prot...

CVSS 5.3 | AI score 4.4 | EPSS 0.00598
Exploits 0 | References 3 | Affected Software 1

OSV
added 2022/12/01 8:54 p.m., 16 views

CVE-2022-41970 Nextcloud Server's disabled download shares still allow download through preview images

Nextcloud Server is an open source personal cloud server. Prior to versions 24.0.7 and 25.0.1, disabled download shares still allow download through preview images. Images could be downloaded and previews of a document's first page can be downloaded without being watermarked. Versions 24.0.7 and...

CVSS 2.6 | AI score 5.2 | EPSS 0.00598
Exploits 0 | References 5

Cvelist
added 2022/12/01 8:47 p.m., 31 views

CVE-2022-41969 Nextcloud Server has no password length limit when creating a user as an administrator

Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator can cause a limited DoS attack against their own server. Versions 23.0.11, 24.0.7, and 25.0.0 conta...

CVSS 2.4 | AI score 4.1 | EPSS 0.00806
Exploits 0 | References 3

CVE
added 2022/12/01 8:47 p.m., 87 views

CVE-2022-41969

Summary: CVE-2022-41969 affects Nextcloud Server where there is no password length limit when creating a user as an administrator, enabling a limited DoS on the administrator’s own server. Affects (versions): Nextcloud Server versions prior to 23.0.11, 24.0.7, and 25.0.0. Impact (as stated): Limi...

CVSS 2.7 | AI score 3.5 | EPSS 0.00806
Exploits 0 | References 3 | Affected Software 1

OSV
added 2022/12/01 8:47 p.m., 19 views

CVE-2022-41969 Nextcloud Server has no password length limit when creating a user as an administrator

Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator can cause a limited DoS attack against their own server. Versions 23.0.11, 24.0.7, and 25.0.0 conta...

CVSS 2.4 | AI score 4.2 | EPSS 0.00806
Exploits 0 | References 5