Page 3 of 15 results (0.009 seconds)

CVSS: 1.8EPSS: 0%CPEs: 3EXPL: 0

Nextcloud Server is a self hosted personal cloud system. Under certain conditions the password of a user was stored unencrypted in the session data. The session data is encrypted before being saved in the session storage (Redis or disk), but it would allow a malicious process that gains access to the memory of the PHP process, to get access to the cleartext password of the user. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-w7v5-mgxm-v6gm https://github.com/nextcloud/server/commit/d25a0a2896a2a981939cacb8ee0d555feef22b3b https://github.com/nextcloud/server/pull/48915 • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 3.5EPSS: 0%CPEs: 3EXPL: 0

Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1. Nextcloud Server es un sistema de nube personal autohospedado. Los participantes pueden leer las excepciones de recurrencia de los eventos privados del calendario compartido. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h4xv-cjpm-j595 https://github.com/nextcloud/server/pull/45309 https://hackerone.com/reports/2479325 • CWE-284: Improper Access Control •

CVSS: 3.5EPSS: 0%CPEs: 3EXPL: 0

Nextcloud Server is a self hosted personal cloud system. A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 and that the Nextcloud Enterprise Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3. Nextcloud Server es un sistema de nube personal autohospedado. Un usuario malintencionado pudo enviar solicitudes de eliminación de versiones antiguas de archivos que solo compartieron con permisos de lectura. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xwgx-f37p-xh8c https://github.com/nextcloud/server/pull/43727 https://hackerone.com/reports/2290680 • CWE-284: Improper Access Control •

CVSS: 3.5EPSS: 0%CPEs: 3EXPL: 0

Nextcloud Server is a self hosted personal cloud system. An attacker with read-only access to a file is able to restore older versions of a document when the files_versions app is enabled. It is recommended that the Nextcloud Server is upgraded to 26.0.12, 27.1.7 or 28.0.3 and that the Nextcloud Enterprise Server is upgraded to 23.0.12.16, 24.0.12.12, 25.0.13.6, 26.0.12, 27.1.7 or 28.0.3. Nextcloud Server es un sistema de nube personal autohospedado. Un atacante con acceso de solo lectura a un archivo puede restaurar versiones anteriores de un documento cuando la aplicación files_versions está habilitada. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-5mq8-738w-5942 https://github.com/nextcloud/server/pull/43727 https://hackerone.com/reports/1356508 • CWE-284: Improper Access Control •

CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0

Nextcloud server is a self hosted personal cloud system. Under some circumstance it was possible to bypass the second factor of 2FA after successfully providing the user credentials. It is recommended that the Nextcloud Server is upgraded to 26.0.13, 27.1.8 or 28.0.4 and Nextcloud Enterprise Server is upgraded to 21.0.9.17, 22.2.10.22, 23.0.12.17, 24.0.12.13, 25.0.13.8, 26.0.13, 27.1.8 or 28.0.4. El servidor Nextcloud es un sistema de nube personal autohospedado. En algunas circunstancias, fue posible omitir el segundo factor de 2FA después de proporcionar correctamente las credenciales del usuario. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9v72-9xv5-3p7c https://github.com/nextcloud/server/pull/44276 https://hackerone.com/reports/2419776 • CWE-287: Improper Authentication •