Errorsec

**Name of the Vulnerable Software and Affected Versions** Zoom Workplace for iOS versions prior to 7.0.0 **Description** A protection mechanism failure allows an authenticated user with physical access to the device to conduct a disclosure of information. **Recommendations** Update to version 7.0.0 or later.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 23.0.10 Nextcloud Server versions prior to 24.0.5 **Description** The issue arises from the lack of validation of calendar name lengths before they are written to a database. This allows an attacker to send excessive amounts of data to the database. **Recommendations** For versions prior to 23.0.10, update to version 23.0.10 to resolve the issue. For versions prior to 24.0.5, update to version 24.0.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 22.2.10 Nextcloud Server versions prior to 23.0.7 Nextcloud Server versions prior to 24.0.3 **Description** The Nextcloud server is an open source personal cloud server. Affected versions of the Nextcloud server did not properly limit user display names, which could allow malicious users to overload the backing database and cause a denial of service. **Recommendations** For versions prior to 22.2.10, upgrade to 22.2.10. For versions prior to 23.0.7, upgrade to 23.0.7. For versions prior to 24.0.3, upgrade to 24.0.3.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Talk versions prior to 12.2.7 Nextcloud Talk versions prior to 13.0.7 Nextcloud Talk versions prior to 14.0.3 **Description** Nextcloud Talk is a video and audio conferencing app for Nextcloud. Password protected conversations are susceptible to brute force attacks if the attacker has the link or conversation token. **Recommendations** For versions prior to 12.2.7, upgrade to version 12.2.7. For versions prior to 13.0.7, upgrade to version 13.0.7. For versions prior to 14.0.3, upgrade to version 14.0.3. As a temporary workaround, consider not having password protected conversations until the issue is resolved.