CVE-2021-32657

MEDIUM Year: 2021
CVSS v3 Score
4.3
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-400
View all →

Vulnerability Description

Nextcloud Server is a Nextcloud package that handles data storage. In versions of Nextcloud Server prior to 10.0.11, 20.0.10, and 21.0.2, a malicious user may be able to break the user administration page. This would disallow administrators to administrate users on the Nextcloud instance. The vulnerability is fixed in versions 19.0.11, 20.0.10, and 21.0.2. As a workaround, administrators can use the OCC command line tool to administrate the Nextcloud users.

Related Vulnerabilities

CVE-2012-0049

MEDIUM
CVSS:4.3(Medium)

OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server.

CWE-4002012

CVE-2016-7427

MEDIUM
CVSS:4.3(Medium)

The broadcast mode replay prevention functionality in ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via a crafted broadcast mode packe...

CWE-4002016

CVE-2016-7428

MEDIUM
CVSS:4.3(Medium)

ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (reject broadcast mode packets) via the poll interval in a broadcast packet.

CWE-4002016

CVE-2018-15325

MEDIUM
CVSS:4.3(Medium)

In BIG-IP 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, iControl and TMSH usage by authenticated users may leak a small amount of memory when executing commands

CWE-4002018

CVE-2019-13011

MEDIUM
CVSS:4.3(Medium)

An issue was discovered in GitLab Enterprise Edition 8.11.0 through 12.0.2. By using brute-force a user with access to a project, but not it's repository could create a list of merge requests template...

CWE-4002019

CVE-2020-13333

MEDIUM
CVSS:4.3(Medium)

A potential DOS vulnerability was discovered in GitLab versions 13.1, 13.2 and 13.3. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks...

CWE-4002020