4992 matches found
CVE-2022-41968 Nextcloud Server's calendar name length not validated before writing to database
Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.10 and 24.0.5, calendar name lengths are not validated before writing to a database. As a result, an attacker can send unnecessary amounts of data against the database. Version 23.0.10 and 24.0.5 contain patches for...
CVE-2022-41968
Nextcloud Server vulnerability CVE-2022-41968: calendar name lengths were not validated before writing to the database, affecting versions prior to 23.0.10 and 24.0.5. Patches are available in 23.0.10 and 24.0.5; no public workarounds are documented. Connected advisories corroborate the issue as ...
CVE-2022-41968 Nextcloud Server's calendar name length not validated before writing to database
Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.10 and 24.0.5, calendar name lengths are not validated before writing to a database. As a result, an attacker can send unnecessary amounts of data against the database. Version 23.0.10 and 24.0.5 contain patches for...
Nextcloud: Contacts only sanitizes PHOTO svg if mime type is all lower case
Vulnerability description not provided...
Guests can continue to receive video streams from call after being removed from a conversation
None...
Disabled download shares still allow download through preview images
None...
No password length limit when creating a user as an administrator
None...
Calendar name length not validated before writing to database
None...
Nextcloud 资源管理错误漏洞
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A resource management error vulnerability exists in Nextcloud Server versions prior to 23.0.11, 24.0.7, and 25.0.0, which stems from creating a user as an...
PT-2022-26192 · Nextcloud +1 · Nextcloud Server +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 23.0.11 Nextcloud Server versions prior to 24.0.7 Nextcloud Server versions prior to 25.0.0 Description: The issue affects Nextcloud Server, an open source personal cloud server, where prior to versions...
Nextcloud 资源管理错误漏洞
Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A resource management error vulnerability exists in Nextcloud Server versions prior to 23.0.10, and prior to 24.0.5, which stems from a calendar name lengt...
Nextcloud 安全漏洞
Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server versions prior to 24.0.7, 25.0.1 and prior to 25.0.1, which stems from a disabled download share that...
PT-2022-26194 · Nextcloud +1 · Nextcloud Server +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 24.0.7 Nextcloud Server versions prior to 25.0.1 Description: The issue affects Nextcloud Server, an open source personal cloud server, where disabled download shares still allow download through preview...
Nextcloud 安全漏洞
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcould Talk android versions prior to 12.2.8, 13.0.10, 14.0.6, and 15.0.0, which stems from the fact that a guest can...
Nextcloud: Document content of files can be obtained through Collabora for files of other users
Vulnerability description not provided...
Nextcloud Server < 22.2.10, 23.0.x < 23.0.7, 24.0.x < 24.0.3 DoS Vulnerability (GHSA-6w9f-jgjx-4vj6)
Nextcloud Server is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Nextcloud: Ability to read any emails through IDOR on Nextcloud Mail
Vulnerability description not provided...
Nextcloud: Passcode bypass on Talk Android app
Summary: It is possible to bypass the passcode protection in nextcloud android talk by clicking the notification of a message. Talk App Android version: 15.0.2 RC1 Steps To Reproduce: 1. Create two users 1. Using User A login it to the web interface while User B on Talk App Android 1. Using User ...
DEBIAN-CVE-2022-39332
Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for...
CVE-2022-39333
Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue...