Michag86

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 23.0.10 and 24.0.6 Nextcloud Enterprise Server versions prior to 22.2.10, 23.0.10, and 24.0.6 **Description** The issue allows a logged-in attacker to slow down the system by generating a lot of database/cpu load. **Recommendations** For Nextcloud Server versions prior to 23.0.10, update to version 23.0.10 or later. For Nextcloud Server versions prior to 24.0.6, update to version 24.0.6 or later. For Nextcloud Enterprise Server versions prior to 22.2.10, update to version 22.2.10 or later. For Nextcloud Enterprise Server versions prior to 23.0.10, update to version 23.0.10 or later. For Nextcloud Enterprise Server versions prior to 24.0.6, update to version 24.0.6 or later. As a temporary workaround, consider disabling the Circles app until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Nextcloud Server versions prior to 22.2.6 Nextcloud Server versions prior to 23.0.3 **Description** The issue allows a user to create a link that is not password protected, even if the administrator requires links to be password protected. There are currently no known workarounds for this issue. **Recommendations** For versions prior to 22.2.6, update to version 22.2.6 to resolve the issue. For versions prior to 23.0.3, update to version 23.0.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Circles app version 0.17.7 **Description** The issue is related to improper authorization, which allows access to be retained even after an email address has been removed from a circle. **Recommendations** For version 0.17.7, update to a newer version that addresses the improper authorization issue, as no specific fix is provided for this version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.