4987 matches found
CVE-2022-35931 Nextcloud Password Policy's generated passwords are not fully validated by HIBPValidator
Nextcloud Password Policy is an app that enables a Nextcloud server admin to define certain rules for passwords. Prior to versions 22.2.10, 23.0.7, and 24.0.3 the random password generator may, in very rare cases, generate common passwords that the validator itself would block. Upgrade Nextcloud...
PT-2022-23037 · Nextcloud · Nextcloud Password Policy
Name of the Vulnerable Software and Affected Versions: Nextcloud Password Policy versions prior to 22.2.10 Nextcloud Password Policy versions prior to 23.0.7 Nextcloud Password Policy versions prior to 24.0.3 Description: The random password generator in Nextcloud Password Policy may, in very rar...
Nextcloud cryptographic issue vulnerability
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Password Policy, which stems from the fact that its random password generator may, in very rare cases, generat...
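The bug class the CVE-2022-35931 entries above describe, shown as an added example that is not Nextcloud's code: a password generator whose output is handed out without being run through the same validator that gates user-chosen passwords, beside one that redraws until the validator accepts. The Have I Been Pwned range lookup is replaced by a constructed in-memory table of four strings (an assumption, not real breach data), and the policy thresholds and the `rigged_chooser` test hook are likewise assumptions made for the demonstration.

```python
import hashlib
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"
SPECIALS = "!@#$%^&*"

# Constructed stand-in for the Have I Been Pwned range API. The real service returns,
# for a 5-hex-char SHA-1 prefix, every breached suffix under that prefix; here the
# "breach corpus" is four strings chosen for the example (assumption, not real data).
_BREACHED_RANGES = {}
for _pw in ("password", "Password1!!!", "letmein", "qwerty123"):
    _digest = hashlib.sha1(_pw.encode()).hexdigest().upper()
    _BREACHED_RANGES.setdefault(_digest[:5], set()).add(_digest[5:])


def hibp_breached(password):
    """k-anonymity lookup: only the 5-char prefix would leave the client; suffixes are compared locally."""
    digest = hashlib.sha1(password.encode()).hexdigest().upper()
    return digest[5:] in _BREACHED_RANGES.get(digest[:5], set())


def validate(password, min_length=12, min_classes=3):
    """Return the list of policy violations; an empty list means the password is accepted."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    classes = (str.islower, str.isupper, str.isdigit, lambda c: c in SPECIALS)
    if sum(any(pred(c) for c in password) for pred in classes) < min_classes:
        problems.append("too few character classes")
    if hibp_breached(password):
        problems.append("found in breach corpus")
    return problems


def generate_unvalidated(length=12, choose=secrets.choice):
    """Pre-fix shape: a random draw that is handed out without being run through validate()."""
    return "".join(choose(ALPHABET) for _ in range(length))


def generate_validated(length=12, choose=secrets.choice, max_tries=10):
    """Post-fix shape: redraw until the validator that gates user-chosen passwords accepts the output."""
    for _ in range(max_tries):
        candidate = generate_unvalidated(length, choose)
        if not validate(candidate):
            return candidate
    raise RuntimeError("no policy-compliant password after %d draws" % max_tries)


def rigged_chooser(script):
    """Hypothetical test hook: replay `script` one character at a time, then fall back to real
    randomness. It stands in for the rare draw that happens to spell a known-breached string."""
    queued = iter(script)

    def choose(alphabet):
        for ch in queued:
            return ch
        return secrets.choice(alphabet)

    return choose


if __name__ == "__main__":
    bad = generate_unvalidated(choose=rigged_chooser("Password1!!!"))
    print(bad, validate(bad))        # the breached draw goes out unchecked
    good = generate_validated(choose=rigged_chooser("Password1!!!"))
    print(good, validate(good))      # the same draw is rejected and replaced
```

The point of the check is that generator and validator must share one definition of "acceptable"; a generator that only guarantees length and character classes can still emit a string present in the breach corpus, and the only way to rule that out is to run its output through the same breach lookup. Against the real service the lookup is a GET of `https://api.pwnedpasswords.com/range/<first five hex chars>` with the remaining 35 characters compared client-side, which is what `hibp_breached` mirrors offline.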
Nextcloud: Missing rate limiting on password reset functionality allows sending a large number of emails
A missing rate limiting on password reset functionality in Nextcloud allowed an attacker to send a large number of emails, potentially resulting in financial loss and service disruption. The vulnerability was exploited using the IP rotate extension of Burp Suite. The issue was resolved by adding ...
Nextcloud: the complete server installation path is visible in cloud/user endpoint
Sensitive internal information, including the complete server installation path, was visible in the cloud/user endpoint of Nextcloud server versions prior to 20.0.8, 21.0.2, and 22.0.0RC2. An attacker could obtain this information by making a GET request on the endpoint while logged in. A securit...
PT-2022-24916 · Nextcloud +1 · Nextcloud Server +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 22.2.10 Nextcloud Server versions prior to 23.0.7 Nextcloud Server versions prior to 24.0.3 Description: The Nextcloud server is an open source personal cloud server. Affected versions of the Nextcloud serve...
PT-2022-24812 · Nextcloud +1 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 23.0.8 Nextcloud Server versions prior to 24.0.4 Nextcloud Enterprise Server versions prior to 22.2.10.4 Nextcloud Enterprise Server versions prior to 23.0.8 Nextcloud Enterprise Server versions prior to...
PT-2022-23162 · Nextcloud +1 · Nextcloud Enterprise Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 23.0.7 Nextcloud Server versions prior to 24.0.3 Nextcloud Enterprise Server versions prior to 22.2.11 Nextcloud Enterprise Server versions prior to 23.0.7 Nextcloud Enterprise Server versions prior to 24.0....
Generated passwords are not fully validated by HIBPValidator
None...
Nextcloud: Database resource exhaustion for logged-in users via sharee recommendations with circles
Summary: Registered users can generate massive database load Steps To Reproduce: 1. create 9 circles and 6 folders circles folder 50 2. share all created folders with all created circles 3. open another folder and open the share tab, so the URI...
Nextcloud: [user_oidc] Unencrypted Communications
The OpenID Connect User Backend allows users to login to Nextcloud using SSO and is - according to the policy - part of the main scope of this program. The implementation supports plain HTTP without TLS and transfers sensitive information such as OIDC clientsecrets in an unencrypted manner...
Nextcloud: Desktop client does not verify received signed certificate in end-to-end encryption
Vulnerability description not provided...
Nextcloud: Profile of disabled user stays accessible
User profiles of disabled users remain accessible at DOMAIN/u/USERID This is quite undesirable as this user has no way to clear or modify this data in case they do not want it exposed anymore. I'd assume profiles of disabled users would not be visible to ensure they can always be in control...
Nextcloud: XSS in Desktop Client in the notifications
Summary: The Nextcloud Desktop Client application does not properly neutralize the names of files before using them. Steps To Reproduce: Server Machine 1. Install the Nextcloud Server application 2. Log into your account Client Machine 3. Install the Nextcloud Desktop Client application onto a...
CVE-2022-35932
Nextcloud Talk is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.7, 13.0.7, and 14.0.3, password protected conversations are susceptible to brute force attacks if the attacker has the link/conversation token. It is recommended that the Nextcloud Talk application is...
Design/Logic Flaw
Nextcloud Talk is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.7, 13.0.7, and 14.0.3, password protected conversations are susceptible to brute force attacks if the attacker has the link/conversation token. It is recommended that the Nextcloud Talk application is...
CVE-2022-35932 Missing rate limit when trying to join a password protected Nextcloud Talk conversation
Nextcloud Talk is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.7, 13.0.7, and 14.0.3, password protected conversations are susceptible to brute force attacks if the attacker has the link/conversation token. It is recommended that the Nextcloud Talk application is...
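The two missing-rate-limit findings in this listing (the password reset report that was exploited with Burp Suite's IP rotation extension, and the CVE-2022-35932 entries above) share one shape: an unauthenticated endpoint answers every attempt, so an attacker who holds the conversation token, or a target e-mail address, can iterate freely. The added example below is not Nextcloud Talk's code; it models a join handler for a password-protected room in its unlimited form and with a sliding-window limit on failed joins. The attempt budgets, window length, room token, wordlist and client addresses are all assumptions constructed for the demonstration.

```python
import hmac
import time
from collections import defaultdict, deque

# Budgets are assumptions for the example, not Nextcloud's settings.
PER_CLIENT_ATTEMPTS = 5    # failed joins one client may make against one room per window
PER_ROOM_ATTEMPTS = 20     # failed joins one room tolerates from all clients per window
WINDOW_SECONDS = 60.0


class ConversationGuard:
    """Join handler for password-protected rooms, in its unlimited and rate-limited forms."""

    def __init__(self, passwords, clock=time.monotonic):
        self._passwords = dict(passwords)      # token -> password; constructed sample data
        self._clock = clock                    # injectable so the window can be tested offline
        self._failures = defaultdict(deque)    # bucket key -> timestamps of recent failed joins

    def _bucket(self, key):
        """Sliding window: drop failures older than WINDOW_SECONDS and return what remains."""
        window = self._failures[key]
        now = self._clock()
        while window and now - window[0] > WINDOW_SECONDS:
            window.popleft()
        return window

    def _password_ok(self, token, password):
        return hmac.compare_digest(self._passwords.get(token, ""), password)

    def join_unlimited(self, token, client, password):
        """Pre-fix shape: every guess is answered, so holding the link/token is enough to start guessing."""
        return "joined" if self._password_ok(token, password) else "denied"

    def join_limited(self, token, client, password):
        """Post-fix shape: refuse before checking the password once either bucket is full.
        The per-room bucket is what survives an attacker rotating source addresses."""
        per_client = self._bucket(("client", token, client))
        per_room = self._bucket(("room", token))
        if len(per_client) >= PER_CLIENT_ATTEMPTS or len(per_room) >= PER_ROOM_ATTEMPTS:
            return "rate_limited"
        if self._password_ok(token, password):
            per_client.clear()
            return "joined"
        now = self._clock()
        per_client.append(now)
        per_room.append(now)
        return "denied"


def brute_force(join, token, wordlist, clients=("10.0.0.9",)):
    """Attacker who already has the room token tries a wordlist, cycling through `clients`
    the way an IP-rotation proxy would. Returns (outcome, number of guesses sent)."""
    for n, guess in enumerate(wordlist, 1):
        result = join(token, clients[(n - 1) % len(clients)], guess)
        if result == "joined":
            return "cracked", n
        if result == "rate_limited":
            return "blocked", n
    return "exhausted", len(wordlist)


if __name__ == "__main__":
    token = "abc123xy"                                   # constructed room token
    wordlist = ["123456", "password", "qwerty", "letmein", "welcome", "hunter2", "dragon"]
    print(brute_force(ConversationGuard({token: "hunter2"}).join_unlimited, token, wordlist))
    print(brute_force(ConversationGuard({token: "hunter2"}).join_limited, token, wordlist))
    rotating = tuple("198.51.100.%d" % i for i in range(10))
    long_list = ["wrong%d" % i for i in range(25)] + ["hunter2"]
    print(brute_force(ConversationGuard({token: "hunter2"}).join_limited, token, long_list, rotating))
```

Two design points are worth noting. A limit keyed only on the client address is exactly what IP rotation defeats, which is why the example also keeps a per-room budget; the trade-off is that a per-room budget lets an attacker lock legitimate participants out for a window, so it should be generous and the window short. The password comparison uses `hmac.compare_digest` so that the rate limiter is not undermined by a timing side channel in the check it is protecting.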