4987 matches found
Nextcloud: Unauthenticated SSRF in 3rd party module "cerdic/csstidy"
Summary: The mail extension in Nextcloud includes a module called "cerdic/csstidy" which basically ships with a publicly accessible test/example interface to play with the CSS formatter and optimiser (/apps/mail/vendor/cerdic/css-tidy/cssoptimiser.php). This module allows contacting any remote serv...
Nextcloud Server < 22.2.7, 23.x < 23.0.4 DoS Vulnerability (GHSA-7cwm-qph5-4h5w)
Nextcloud Server is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2022-31024
richdocuments is the repository for NextCloud Collabora, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and 4.2.6 contain a fi...
Design/Logic Flaw
richdocuments is the repository for NextCloud Collabora, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and 4.2.6 contain a fi...
CVE-2022-31024 Federated editing allows iframing remote servers by default in richdocuments
richdocuments is the repository for NextCloud Collabora, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and 4.2.6 contain a fi...
CVE-2022-31024
The CVE-2022-31024 issue affects Nextcloud richdocuments (Collabora) where federated shares can cause a user to edit against a remote Office by default (iframe-based exploitation). Root cause: federation setup allows instructing a user’s editing session to target a different server. Affected vers...
CVE-2022-31024 Federated editing allows iframing remote servers by default in richdocuments
richdocuments is the repository for NextCloud Collabora, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and 4.2.6 contain a fi...
CVE-2022-31024 Federated editing allows iframing remote servers by default in richdocuments
richdocuments is the repository for NextCloud Collabora, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and 4.2.6 contain a fi...
Federated editing allows iframing remote servers by default
Nextcloud Access Control Error Vulnerability
Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An access control error vulnerability exists in Nextcloud richdocuments versions prior to 6.0.0, prior to 5.0.4, and prior to 4.2.6, which originates from a share...
Nextcloud Resource Management Error Vulnerability (CNVD-2022-43222)
Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A resource management error vulnerability exists in Nextcloud Server versions 22.2.0 through 23.0.3, which arises from the application's inability to properly...
Nextcloud: Missing length validation of user displayname allows to generate an SQL error
Security advisory at https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6w9f-jgjx-4vj6...
CVE-2022-29243
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.7 and 23.0.4, missing input-size validation of new session names allows users to create app passwords with long names. These long names are then loaded into memory on usage,...
Input validation
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.7 and 23.0.4, missing input-size validation of new session names allows users to create app passwords with long names. These long names are then loaded into memory on usage,...
CVE-2022-29243 Improper input-size validation on the user new session name in Nextcloud Server
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.7 and 23.0.4, missing input-size validation of new session names allows users to create app passwords with long names. These long names are then loaded into memory on usage,...
CVE-2022-29243 Improper input-size validation on the user new session name in Nextcloud Server
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.7 and 23.0.4, missing input-size validation of new session names allows users to create app passwords with long names. These long names are then loaded into memory on usage,...
CVE-2022-29243 Improper input-size validation on the user new session name in Nextcloud Server
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.7 and 23.0.4, missing input-size validation of new session names allows users to create app passwords with long names. These long names are then loaded into memory on usage,...
CVE-2022-29243
CVE-2022-29243 affects Nextcloud Server: insufficient input-size validation for new session names allows creation of excessively long app passwords, whose names are loaded into memory on use and can degrade performance. Affected versions are prior to 22.2.7 and 23.0.4; a fix is provided in 22.2.7...
Nextcloud Resource Management Error Vulnerability
Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A resource management error vulnerability exists in Nextcloud Server versions 22.2.0 through 23.0.3, which arises from the application's inability to properly...
Improper input-size validation on the user new session name