Demonia

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 22.2.7 Nextcloud Server versions prior to 23.0.4 **Description** The issue is related to missing input-size validation of new session names in Nextcloud Server, allowing users to create app passwords with long names. These long names are then loaded into memory on usage, resulting in impacted performance. **Recommendations** For Nextcloud Server versions prior to 22.2.7, update to version 22.2.7 or later to resolve the issue. For Nextcloud Server versions prior to 23.0.4, update to version 23.0.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 10.0.11 Nextcloud Server versions prior to 20.0.10 Nextcloud Server versions prior to 21.0.2 **Description** A malicious user may be able to break the user administration page, disallowing administrators to administrate users on the Nextcloud instance. **Recommendations** For versions prior to 10.0.11, update to version 10.0.11 or later. For versions prior to 20.0.10, update to version 20.0.10 or later. For versions prior to 21.0.2, update to version 21.0.2 or later. As a temporary workaround, administrators can use the OCC command line tool to administrate the Nextcloud users.

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 20.0.2 Nextcloud Server versions prior to 19.0.5 Nextcloud Server versions prior to 18.0.11 Description: A missing input validation in Nextcloud Server allows users to store unlimited data in workflow rules, causing load and potential DDoS on later interactions and usage with those rules. Recommendations: For versions prior to 20.0.2, update to version 20.0.2 or later to resolve the issue. For versions prior to 19.0.5, update to version 19.0.5 or later to resolve the issue. For versions prior to 18.0.11, update to version 18.0.11 or later to resolve the issue.