Page 7 of 42 results (0.010 seconds)

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 25.0.1 24.0.8, and 23.0.12 missing rate limiting on password reset functionality. This could result in service slowdown, storage overflow, or cost impact when using external email services. Users should upgrade to Nextcloud Server 25.0.1, 24.0.8, or 23.0.12 or Nextcloud Enterprise Server 25.0.1, 24.0.8, or 23.0.12 to receive a patch. No known workarounds are available. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-492h-596q-xr2f https://github.com/nextcloud/server/pull/34632 https://hackerone.com/reports/1691195 • CWE-284: Improper Access Control •

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0

Nextcloud Server is an open source personal cloud server. Prior to versions 24.0.7 and 25.0.1, disabled download shares still allow download through preview images. Images could be downloaded and previews of documents (first page) can be downloaded without being watermarked. Versions 24.0.7 and 25.0.1 contain a fix for this issue. No known workarounds are available. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9mh6-cph8-772c https://github.com/nextcloud/server/pull/34788 https://hackerone.com/reports/1745766 • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •

CVSS: 2.7EPSS: 0%CPEs: 4EXPL: 0

Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator can cause a limited DoS attack against their own server. Versions 23.0.11, 24.0.7, and 25.0.0 contain a fix for the issue. As a workaround, don't create user accounts with long passwords. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4gm7-j7wg-m4fx https://github.com/nextcloud/server/pull/34500 https://hackerone.com/reports/1727424 • CWE-400: Uncontrolled Resource Consumption CWE-521: Weak Password Requirements •

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0

Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.10 and 24.0.5, calendar name lengths are not validated before writing to a database. As a result, an attacker can send unnecessary amounts of data against the database. Version 23.0.10 and 24.0.5 contain patches for the issue. No known workarounds are available. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m92j-xxc8-hq3v https://github.com/nextcloud/server/pull/33139 https://hackerone.com/reports/1596148 • CWE-400: Uncontrolled Resource Consumption CWE-1284: Improper Validation of Specified Quantity in Input •

CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0

Nextcloud server is an open source personal cloud server. Affected versions of nextcloud server did not properly limit user display names which could allow a malicious users to overload the backing database and cause a denial of service. It is recommended that the Nextcloud Server is upgraded to 22.2.10, 23.0.7 or 24.0.3. There are no known workarounds for this issue. El servidor Nextcloud es un servidor en la nube personal de código abierto. • https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6w9f-jgjx-4vj6 https://github.com/nextcloud/server/pull/33052 https://hackerone.com/reports/1588562 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TARDPRPBTI5TJRBYRVVQGTL6KWRCV5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R32L3P53AQKQQC652LA5U3AWFTZKPDK3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRAER4DCCHHSUDFHQ6LTIH4JEJFF73IU • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •