Page 11 of 155 results (0.007 seconds)

CVSS: 4.8EPSS: 0%CPEs: 5EXPL: 0

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server prior to versions 22.2.10, 23.0.10, and 24.0.6 are vulnerable to a logged-in attacker slowing down the system by generating a lot of database/cpu load. Nextcloud Server versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server versions 22.2.10, 23.0.10, and 24.0.6 contain patches for this issue. As a workaround, disable the Circles app. Nextcloud Server es el software de servidor de archivos para Nextcloud, una plataforma de productividad autohospedada. • https://github.com/nextcloud/circles/pull/1147 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wxx7-w5p4-7x4c https://hackerone.com/reports/1688199 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 1

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server prior to versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server prior to versions 22.2.10.5, 23.0.9, and 24.0.5 an attacker reading `nextcloud.log` may gain knowledge of credentials to connect to a SharePoint service. Nextcloud Server versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server versions 22.2.10.5, 23.0.9, and 24.0.5 contain a patch for this issue. As a workaround, set `zend.exception_ignore_args = On` as an option in `php.ini`. Nextcloud Server es el software de servidor de archivos para Nextcloud, una plataforma de productividad autohospedada. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qpf5-jj85-36h5 https://github.com/nextcloud/server/pull/33689 https://github.com/nextcloud/sharepoint/issues/141 https://hackerone.com/reports/1652903 • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0

Nextcloud server is an open source personal cloud platform. In affected versions it was found that locally running webservices can be found and requested erroneously. It is recommended that the Nextcloud Server is upgraded to 23.0.8 or 24.0.4. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.10.4, 23.0.8 or 24.0.4. There are no known workarounds for this issue. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-rmf9-w497-8cq8 https://github.com/nextcloud/server/pull/32988 https://github.com/nextcloud/server/pull/33031 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

Nextcloud server is an open source personal cloud product. Affected versions of this package are vulnerable to Information Exposure which fails to strip the Authorization header on HTTP downgrade. This can lead to account access exposure and compromise. It is recommended that the Nextcloud Server is upgraded to 23.0.7 or 24.0.3. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.11, 23.0.7 or 24.0.3. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vqgm-f748-g76v https://github.com/nextcloud/server/pull/32941 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization •

CVSS: 2.7EPSS: 0%CPEs: 2EXPL: 0

Nextcloud server is an open source personal cloud solution. The audit log is used to get a full trail of the actions which has been incompletely populated. In affected versions federated share events were not properly logged which would allow brute force attacks to go unnoticed. This behavior exacerbates the impact of CVE-2022-31118. It is recommended that the Nextcloud Server is upgraded to 22.2.7, 23.0.4 or 24.0.0. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9qvg-7fwg-722x https://github.com/nextcloud/server/pull/31594/commits/1d8bf9a89c6856218802a1d365000a5831be8655 https://portal.nextcloud.com/article/using-the-audit-log-44.html • CWE-778: Insufficient Logging •