4987 matches found

CVE
added 2022/08/12 3:20 p.m. | 90 views

CVE-2022-35932

CVE-2022-35932 describes a missing rate limit in Nextcloud Talk for password-protected conversations. Before versions 12.2.7, 13.0.7, and 14.0.3, an attacker with the conversation link/token can brute-force the password due to lack of rate limiting. Public sources (NVD/Red Hat/GSAs) confirm the i...

CVSS 5.3 | AI score 4.6 | EPSS 0.0105
Exploits: 0 | References: 9 | Affected Software: 1

OSV
added 2022/08/12 3:20 p.m. | 21 views

CVE-2022-35932 Missing rate limit when trying to join a password protected Nextcloud Talk conversation

Nextcloud Talk is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.7, 13.0.7, and 14.0.3, password protected conversations are susceptible to brute force attacks if the attacker has the link/conversation token. It is recommended that the Nextcloud Talk application is...

CVSS 3.5 | AI score 5.4 | EPSS 0.0105
Exploits: 0 | References: 11

CNNVD
added 2022/08/12 12:0 a.m. | 4 views

Nextcloud Talk Security Vulnerability

Nextcloud Talk is a self-hosted local audio/video and chat communication service from Nextcloud Germany. A security vulnerability exists in Nextcloud Talk versions prior to 12.2.7, 13.0.7, and 14.0.3. An attacker exploited the vulnerability to disclose sensitive information...

CVSS 5.3 | AI score 5.6 | EPSS 0.0105
Exploits: 0 | References: 10

Gentoo Linux
added 2022/08/10 12:0 a.m. | 53 views

Nextcloud: Multiple Vulnerabilities

Background: Nextcloud is a personal cloud that runs on your own server. Description: Multiple vulnerabilities have been discovered in Nextcloud. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround: There is no...

CVSS 10 | AI score 3 | EPSS 0.02521
Exploits: 2

Nextcloud
added 2022/08/08 6:56 a.m. | 27 views

Missing rate limit when trying to join a password protected Nextcloud Talk conversation

None...

CVSS 5.3 | AI score 5.5 | EPSS 0.0105
Exploits: 0 | References: 2 | Affected Software: 1

OpenVAS
added 2022/08/08 12:0 a.m. | 13 views

Nextcloud Server < 22.2.7, 23.x < 23.0.4 Insufficient Logging Vulnerability (GHSA-9qvg-7fwg-722x)

Nextcloud Server is prone to an insufficient logging vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 2.7 | AI score 3.6 | EPSS 0.00673
Exploits: 0 | References: 1

OpenVAS
added 2022/08/08 12:0 a.m. | 12 views

Nextcloud Server < 22.2.9, 23.x < 23.0.6, 24.x < 24.0.2 Improper Initialization (GHSA-2vwh-5v93-3vcq)

Nextcloud Server is prone to an insufficient logging vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 6.5 | AI score 4.7 | EPSS 0.00597
Exploits: 0 | References: 1

NVD
added 2022/08/04 6:15 p.m. | 15 views

CVE-2022-31119

Nextcloud Mail is an email application for the Nextcloud personal cloud product. Affected versions of Nextcloud Mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs, complete access to affected accounts would be obtainable. It is...

CVSS 4.9 | EPSS 0.00621
Exploits: 0 | References: 3

Prion
added 2022/08/04 6:15 p.m. | 24 views

Design/Logic Flaw

Nextcloud Mail is an email application for the Nextcloud personal cloud product. Affected versions of Nextcloud Mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs, complete access to affected accounts would be obtainable. It is...

CVSS 3.3 | AI score 5.3 | EPSS 0.00621
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2022/08/04 5:15 p.m. | 76 views

CVE-2022-31119

CVE-2022-31119 affects Nextcloud Mail: affected versions log user passwords to disk upon misconfiguration, enabling potential complete account access if log files are compromised. RedHat/Red Hat-affiliated advisories and Nextcloud security notes confirm the issue and recommend upgrading Nextcloud...

CVSS 4.9 | AI score 4.7 | EPSS 0.00621
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2022/08/04 5:15 p.m. | 5 views

CVE-2022-31119 Password disclosure in log file in Nextcloud Mail App

Nextcloud Mail is an email application for the Nextcloud personal cloud product. Affected versions of Nextcloud Mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs, complete access to affected accounts would be obtainable. It is...

CVSS 3.1 | AI score 4.4 | EPSS 0.00621
Exploits: 0 | References: 3

Cvelist
added 2022/08/04 5:15 p.m. | 23 views

CVE-2022-31119 Password disclosure in log file in Nextcloud Mail App

Nextcloud Mail is an email application for the Nextcloud personal cloud product. Affected versions of Nextcloud Mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs, complete access to affected accounts would be obtainable. It is...

CVSS 3.1 | AI score 5.6 | EPSS 0.00621
Exploits: 0 | References: 3

OSV
added 2022/08/04 5:15 p.m. | 20 views

CVE-2022-31119 Password disclosure in log file in Nextcloud Mail App

Nextcloud Mail is an email application for the Nextcloud personal cloud product. Affected versions of Nextcloud Mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs, complete access to affected accounts would be obtainable. It is...

CVSS 3.1 | AI score 5.1 | EPSS 0.00621
Exploits: 0 | References: 5

NVD
added 2022/08/04 5:15 p.m. | 19 views

CVE-2022-31120

Nextcloud server is an open source personal cloud solution. The audit log is used to get a full trail of the actions which has been incompletely populated. In affected versions federated share events were not properly logged which would allow brute force attacks to go unnoticed. This behavior...

CVSS 2.7 | EPSS 0.00673
Exploits: 0 | References: 3

NVD
added 2022/08/04 5:15 p.m. | 16 views

CVE-2022-31118

Nextcloud server is an open source personal cloud solution. In affected versions an attacker could brute force to find if federated sharing is being used and potentially try to brute force access tokens for federated shares (a-zA-Z0-9 ^ 15). It is recommended that the Nextcloud Server is upgraded t...

CVSS 6.5 | EPSS 0.00597
Exploits: 0 | References: 2

NVD
added 2022/08/04 5:15 p.m. | 18 views

CVE-2022-31132

Nextcloud Mail is an email application for the Nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path ./vendor/cerdic/css-tidy/cssoptimiser.php. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery (SSRF). It is recommended t...

CVSS 9.8 | EPSS 0.00604
Exploits: 0 | References: 1

Prion
added 2022/08/04 5:15 p.m. | 18 views

Design/Logic Flaw

Nextcloud server is an open source personal cloud solution. In affected versions an attacker could brute force to find if federated sharing is being used and potentially try to brute force access tokens for federated shares (a-zA-Z0-9 ^ 15). It is recommended that the Nextcloud Server is upgraded t...

CVSS 5 | AI score 4.2 | EPSS 0.00597
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2022/08/04 5:15 p.m. | 17 views

Design/Logic Flaw

Nextcloud server is an open source personal cloud solution. The audit log is used to get a full trail of the actions which has been incompletely populated. In affected versions federated share events were not properly logged which would allow brute force attacks to go unnoticed. This behavior...

CVSS 3.3 | AI score 4.5 | EPSS 0.00673
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2022/08/04 5:15 p.m. | 18 views

Server-side request forgery (SSRF)

Nextcloud Mail is an email application for the Nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path ./vendor/cerdic/css-tidy/cssoptimiser.php. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery (SSRF). It is recommended t...

CVSS 7.5 | AI score 9.4 | EPSS 0.00604
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2022/08/04 5:10 p.m. | 5 views

CVE-2022-31132 Unauthenticated SSRF in 3rd party module "cerdic/csstidy"

Nextcloud Mail is an email application for the Nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path ./vendor/cerdic/css-tidy/cssoptimiser.php. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery (SSRF). It is recommended t...

CVSS 8.3 | AI score 9.5 | EPSS 0.00604
Exploits: 0 | References: 1