CVE-2023-45148

Nextcloud is an open source home cloud server. When Memcached is used as memcache.distributed the rate limiting in Nextcloud Server could be reset unexpectedly resetting the rate count earlier than intended. Users are advised to upgrade to versions 25.0.11, 26.0.6 or 27.1.0. Users unable to upgra...

EUVD-2021-10044

Malware in sbrugna...

EUVD-2020-29028

Malware in sbrugna...

EUVD-2023-29132

Malicious code in bioql PyPI...

EUVD-2022-41810

Malicious code in bioql PyPI...

CVE-2024-52511

Nextcloud Tables allows users to to create tables with individual columns. By directly specifying the ID of a table or view, a malicious user could blindly insert new rows into tables they have no access to. It is recommended that the Nextcloud Tables is upgraded to 0.8.0...

Nextcloud Access Control Error Vulnerability (CNVD-2024-29657)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud suffers from an Access Control Error vulnerability that stems from a lack of access control, which can be exploited by an attacker to register an...

OPENSUSE-SU-2024:11087-1 nextcloud-22.1.1-1.2 on GA media

These are all security issues fixed in the nextcloud-22.1.1-1.2 package on the GA media of openSUSE Tumbleweed...

CVE-2024-22404 Permissions bypass in Nextcloud with the files zip app

Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. In affected versions users can download "view-only" files by zipping the complete folder. It is recommended that the Files ZIP app is upgraded to 1.2.1, 1.4.1, or 1.5.0. Users unable to...

Nextcloud Security Breach

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server. An attacker could use this vulnerability to brute-force break the client secrets of a configured OAuth...

user_oidc app is missing bruteforce protection

None...

CVE-2023-28847

CVE-2023-28847 affects Nextcloud Server and Enterprise Server. Description: an attacker could brute-force the password of a share link due to missing brute-force protection. Affected versions include Nextcloud Server 24.0.0–24.0.10, 25.0.0–25.0.4, and Enterprise 23.0.0–23.0.11, plus related 24.0....

PT-2022-24909 · Nextcloud · User Oidc

Name of the Vulnerable Software and Affected Versions: user oidc versions prior to 1.2.1 Description: The issue concerns the user oidc OpenID Connect user backend for Nextcloud, where sensitive information such as OIDC client credentials and tokens are sent in plain text over HTTP without TLS in...

CVE-2022-35931 Nextcloud Password Policy's generated passwords are not fully validated by HIBPValidator

Nextcloud Password Policy is an app that enables a Nextcloud server admin to define certain rules for passwords. Prior to versions 22.2.10, 23.0.7, and 24.0.3 the random password generator may, in very rare cases, generate common passwords that the validator itself would block. Upgrade Nextcloud...

CVE-2022-24886

Summary of CVE-2022-24886 (Nextcloud Android app) The issue affects Nextcloud Android app versions prior to 3.19.0 where any app with notification permission can access contacts if Nextcloud has contact access, without requesting the Contacts permission itself. Root cause: a vulnerability in the ...

OPENSUSE-SU-2022:0098-1 Security update for nextcloud

This update for nextcloud fixes the following issues: nextcloud was updated to 21.0.9: - CVE-2021-41239 CWE-200: user enumeration setting not obeyed in User Status API boo1196905 - CVE-2021-41241 CWE-863: groupfolders advanced permissions is not obeyed for subfolders boo1196908 - CVE-2021-41741...

DSA-4974-1 nextcloud-desktop - security update

Bulletin has no description...

OPENSUSE-SU-2021:1275-1 Security update for nextcloud

This update for nextcloud fixes the following issues: Update to 20.0.12 Fix boo1190291 - CVE-2021-32766 CWE-209: Generation of Error Message Containing Sensitive Information - CVE-2021-32800 CWE-306: Missing Authentication for Critical Function - CVE-2021-32801 CWE-532: Insertion of Sensitive...

OPENSUSE-SU-2021:1252-1 Security update for nextcloud

This update for nextcloud fixes the following issues: Update to 20.0.12 Fixed security issues boo1190291: - CVE-2021-32766 CWE-209: Generation of Error Message Containing Sensitive Information - CVE-2021-32800 CWE-306: Missing Authentication for Critical Function - CVE-2021-32801 CWE-532: Inserti...

OPENSUSE-SU-2021:1250-1 Security update for nextcloud

This update for nextcloud fixes the following issues: Update to 20.0.12 Fix boo1190291: - CVE-2021-32766 CWE-209: Generation of Error Message Containing Sensitive Information - CVE-2021-32800 CWE-306: Missing Authentication for Critical Function - CVE-2021-32801 CWE-532: Insertion of Sensitive...