Filtered by vendor Nextcloud
Filtered by product Nextcloud Server
Total 159 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-0895 1 Nextcloud 1 Nextcloud Server 2024-08-05 N/A
Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been disclosed.
CVE-2017-0886 1 Nextcloud 1 Nextcloud Server 2024-08-05 6.5 Medium
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack. Due to an error in the application logic an authenticated adversary may trigger an endless recursion in the application leading to a potential Denial of Service.
CVE-2017-0893 1 Nextcloud 1 Nextcloud Server 2024-08-05 N/A
Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which suffered from an XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2. Note that Nextcloud employs a strict Content-Security-Policy preventing exploitation of this XSS issue on modern web browsers.
CVE-2017-0890 1 Nextcloud 1 Nextcloud Server 2024-08-05 5.4 Medium
Nextcloud Server before 11.0.3 is vulnerable to inadequate escaping leading to an XSS vulnerability in the search module. To be exploitable, a user has to write or paste malicious content into the search dialogue.
CVE-2017-0887 1 Nextcloud 1 Nextcloud Server 2024-08-05 4.3 Medium
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header, an authenticated adversary may be able to exceed their configured user quota, thus using more space than allowed by the administrator.
CVE-2017-0885 1 Nextcloud 1 Nextcloud Server 2024-08-05 4.3 Medium
Nextcloud Server before 9.0.55 and 10.0.2 suffers from an error message disclosing the existence of files in a write-only share. Due to an error in the application logic, an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing the exception messages.
CVE-2017-0888 1 Nextcloud 2 Nextcloud, Nextcloud Server 2024-08-05 4.3 Medium
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information.
CVE-2017-0884 1 Nextcloud 1 Nextcloud Server 2024-08-05 4.3 Medium
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that this only affects folders and files that the adversary has at least read-only permissions for.
CVE-2017-0892 1 Nextcloud 1 Nextcloud Server 2024-08-05 3.5 Low
Nextcloud Server before 11.0.3 is vulnerable to improper session handling that allowed an application-specific password without permission for files access to access the user's files.
CVE-2017-0894 1 Nextcloud 1 Nextcloud Server 2024-08-05 4.3 Medium
Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error, thus potentially granting an attacker access to publicly shared calendars without knowing the share token.
CVE-2017-0891 1 Nextcloud 1 Nextcloud Server 2024-08-05 N/A
Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to inadequate escaping of error messages leading to XSS vulnerabilities in multiple components.
CVE-2017-0883 1 Nextcloud 1 Nextcloud Server 2024-08-05 N/A
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an attacker to edit files in a share despite having only a 'read' permission set. Note that this only affects folders and files that the adversary has at least read-only permissions for.
CVE-2018-16465 1 Nextcloud 1 Nextcloud Server 2024-08-05 N/A
Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the provider of the second factor failed to load.
CVE-2018-16464 1 Nextcloud 1 Nextcloud Server 2024-08-05 N/A
A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password.
CVE-2018-16467 1 Nextcloud 1 Nextcloud Server 2024-08-05 N/A
A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares.
CVE-2018-16466 1 Nextcloud 1 Nextcloud Server 2024-08-05 N/A
Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 led to not accepting access restrictions by access tokens.
CVE-2018-16463 1 Nextcloud 1 Nextcloud Server 2024-08-05 N/A
A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares.
CVE-2018-3776 1 Nextcloud 1 Nextcloud Server 2024-08-05 5.3 Medium
Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log.
CVE-2018-3775 1 Nextcloud 1 Nextcloud Server 2024-08-05 8.8 High
Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication.
CVE-2018-3762 1 Nextcloud 1 Nextcloud Server 2024-08-05 4.3 Medium
Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks of dropped permissions for incoming shares allowing a user to still request previews for files it should not have access to.