Log

CVE-2021-32653 edited at 01 Jun 2021 19:59:02
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ Nextcloud Server before version 21.0.2 sends user IDs to the lookup server even if the user has no fields set to be published.
References
+ https://github.com/nextcloud/security-advisories/security/advisories/GHSA-396j-vqpr-qg45
Notes
AVG-2024 edited at 01 Jun 2021 19:57:56
Severity
- Unknown
+ Low
CVE-2021-22915 edited at 01 Jun 2021 19:57:56
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Access restriction bypass
Description
+ Nextcloud server before version 21.0.2 did not consider IPv6 subnets in the ratelimiting implementation. This could potentially result in an attacker bypassing ratelimit controls such as the Nextcloud bruteforce protection.
References
+ https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2967-6mrp-gg3p
Notes
AVG-2024 created at 01 Jun 2021 19:56:59
Packages
+ nextcloud
Issues
+ CVE-2021-22915
+ CVE-2021-32653
+ CVE-2021-32654
+ CVE-2021-32655
+ CVE-2021-32656
+ CVE-2021-32657
Status
+ Fixed
Severity
+ Unknown
Affected
+ 21.0.1-3
Fixed
+ 21.0.2-1
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-32654 created at 01 Jun 2021 19:56:59
CVE-2021-22915 created at 01 Jun 2021 19:56:59
CVE-2021-32655 created at 01 Jun 2021 19:56:59
CVE-2021-32656 created at 01 Jun 2021 19:56:59
CVE-2021-32657 created at 01 Jun 2021 19:56:59
CVE-2021-32653 created at 01 Jun 2021 19:56:59
AVG-1947 edited at 01 Jun 2021 19:49:13
Status
- Vulnerable
+ Fixed
Fixed
+ 1.10.0-1
CVE-2021-22116 edited at 01 Jun 2021 19:47:22
Description
RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint.
- A malicious can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.
+ An attacker can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled.