Nextcloud Server — набор клиент-серверных программ для создания и использования хранилища данных.
Релизный цикл, информация об уязвимостях
График релизов
Количество 440
CVE-2022-41970
Nextcloud Server is an open source personal cloud server. Prior to versions 24.0.7 and 25.0.1, disabled download shares still allow download through preview images. Images could be downloaded and previews of documents (first page) can be downloaded without being watermarked. Versions 24.0.7 and 25.0.1 contain a fix for this issue. No known workarounds are available.
CVE-2022-41970
Nextcloud Server is an open source personal cloud server. Prior to ver ...
CVE-2022-41969
Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator can cause a limited DoS attack against their own server. Versions 23.0.11, 24.0.7, and 25.0.0 contain a fix for the issue. As a workaround, don't create user accounts with long passwords.
CVE-2022-41969
Nextcloud Server is an open source personal cloud server. Prior to ver ...
CVE-2022-41968
Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.10 and 24.0.5, calendar name lengths are not validated before writing to a database. As a result, an attacker can send unnecessary amounts of data against the database. Version 23.0.10 and 24.0.5 contain patches for the issue. No known workarounds are available.
CVE-2022-41968
Nextcloud Server is an open source personal cloud server. Prior to ver ...
CVE-2022-39346
Nextcloud server is an open source personal cloud server. Affected versions of nextcloud server did not properly limit user display names which could allow a malicious users to overload the backing database and cause a denial of service. It is recommended that the Nextcloud Server is upgraded to 22.2.10, 23.0.7 or 24.0.3. There are no known workarounds for this issue.
CVE-2022-39346
Nextcloud server is an open source personal cloud server. Affected ver ...
CVE-2022-39364
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server prior to versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server prior to versions 22.2.10.5, 23.0.9, and 24.0.5 an attacker reading `nextcloud.log` may gain knowledge of credentials to connect to a SharePoint service. Nextcloud Server versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server versions 22.2.10.5, 23.0.9, and 24.0.5 contain a patch for this issue. As a workaround, set `zend.exception_ignore_args = On` as an option in `php.ini`.
CVE-2022-39364
Nextcloud Server is the file server software for Nextcloud, a self-hos ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2022-41970 Nextcloud Server is an open source personal cloud server. Prior to versions 24.0.7 and 25.0.1, disabled download shares still allow download through preview images. Images could be downloaded and previews of documents (first page) can be downloaded without being watermarked. Versions 24.0.7 and 25.0.1 contain a fix for this issue. No known workarounds are available. | CVSS3: 2.6 | 0% Низкий | около 3 лет назад |
| CVE-2022-41970 Nextcloud Server is an open source personal cloud server. Prior to ver ... | CVSS3: 2.6 | 0% Низкий | около 3 лет назад |
| CVE-2022-41969 Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator can cause a limited DoS attack against their own server. Versions 23.0.11, 24.0.7, and 25.0.0 contain a fix for the issue. As a workaround, don't create user accounts with long passwords. | CVSS3: 2.4 | 0% Низкий | около 3 лет назад |
| CVE-2022-41969 Nextcloud Server is an open source personal cloud server. Prior to ver ... | CVSS3: 2.4 | 0% Низкий | около 3 лет назад |
| CVE-2022-41968 Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.10 and 24.0.5, calendar name lengths are not validated before writing to a database. As a result, an attacker can send unnecessary amounts of data against the database. Version 23.0.10 and 24.0.5 contain patches for the issue. No known workarounds are available. | CVSS3: 3.5 | 0% Низкий | около 3 лет назад |
| CVE-2022-41968 Nextcloud Server is an open source personal cloud server. Prior to ver ... | CVSS3: 3.5 | 0% Низкий | около 3 лет назад |
| CVE-2022-39346 Nextcloud server is an open source personal cloud server. Affected versions of nextcloud server did not properly limit user display names which could allow a malicious users to overload the backing database and cause a denial of service. It is recommended that the Nextcloud Server is upgraded to 22.2.10, 23.0.7 or 24.0.3. There are no known workarounds for this issue. | CVSS3: 3.5 | 0% Низкий | около 3 лет назад |
| CVE-2022-39346 Nextcloud server is an open source personal cloud server. Affected ver ... | CVSS3: 3.5 | 0% Низкий | около 3 лет назад |
| CVE-2022-39364 Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server prior to versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server prior to versions 22.2.10.5, 23.0.9, and 24.0.5 an attacker reading `nextcloud.log` may gain knowledge of credentials to connect to a SharePoint service. Nextcloud Server versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server versions 22.2.10.5, 23.0.9, and 24.0.5 contain a patch for this issue. As a workaround, set `zend.exception_ignore_args = On` as an option in `php.ini`. | CVSS3: 4 | 0% Низкий | больше 3 лет назад |
| CVE-2022-39364 Nextcloud Server is the file server software for Nextcloud, a self-hos ... | CVSS3: 4 | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу