CVE-2023-39959

MEDIUM Year: 2023
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-284
View all →

Vulnerability Description

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.9, 26.0.4, and 27.0.1, unauthenticated users could send a DAV request which reveals whether a calendar or an address book with the given identifier exists for the victim. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available.

Related Vulnerabilities

CVE-2015-4902

MEDIUM
CVSS:5.3(Medium)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment.

CWE-2842015

CVE-2015-7577

MEDIUM
CVSS:5.3(Medium)

activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2.x before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1...

CWE-2842015

CVE-2015-8139

MEDIUM
CVSS:5.3(Medium)

ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.

CWE-2842015

CVE-2015-8627

MEDIUM
CVSS:5.3(Medium)

MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote attackers ...

CWE-2842015

CVE-2015-8987

MEDIUM
CVSS:5.3(Medium)

Man-in-the-middle (MitM) attack vulnerability in non-Mac OS agents in McAfee (now Intel Security) Agent (MA) 4.8.0 patch 2 and earlier allows attackers to make a McAfee Agent talk with another, possib...

CWE-2842015