Filtered by vendor Nextcloud
Subscriptions
Filtered by product Nextcloud Server
Subscriptions
Total
159 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8173 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 2.2 Low |
| A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended. | ||||
| CVE-2020-8183 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 7.5 High |
| A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call. | ||||
| CVE-2020-8138 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 6.5 Medium |
| A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL. | ||||
| CVE-2020-8154 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 7.7 High |
| An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint. | ||||
| CVE-2020-8139 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Server | 2024-08-04 | 6.5 Medium |
| A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL. | ||||
| CVE-2020-8120 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 6.1 Medium |
| A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation. | ||||
| CVE-2020-8152 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 4.4 Medium |
| Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on. | ||||
| CVE-2020-8150 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 4.1 Medium |
| A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files. | ||||
| CVE-2020-8155 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 5.4 Medium |
| An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF. | ||||
| CVE-2020-8122 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 4.3 Medium |
| A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of a share they received. | ||||
| CVE-2020-8121 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 8.1 High |
| A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer. | ||||
| CVE-2020-8119 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 4.3 Medium |
| Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app. | ||||
| CVE-2020-8133 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 5.3 Medium |
| A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file. | ||||
| CVE-2020-8117 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 4.3 Medium |
| Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event. | ||||
| CVE-2020-8118 | 3 Nextcloud, Novell, Opensuse | 3 Nextcloud Server, Suse Linux Enterprise Server, Backports Sle | 2024-08-04 | 5.0 Medium |
| An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application. | ||||
| CVE-2021-41233 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 6.5 Medium |
| Nextcloud text is a collaborative document editing using Markdown built for the nextcloud server. Due to an issue with the Nextcloud Text application, which is by default shipped with Nextcloud Server, an attacker is able to access the folder names of "File Drop". For successful exploitation an attacker requires knowledge of the sharing link. It is recommended that users upgrade their Nextcloud Server to 20.0.14, 21.0.6 or 22.2.1. Users unable to upgrade should disable the Nextcloud Text application in the application settings. | ||||
| CVE-2021-41241 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 4.3 Medium |
| Nextcloud server is a self hosted system designed to provide cloud style services. The groupfolders application for Nextcloud allows sharing a folder with a group of people. In addition, it allows setting "advanced permissions" on subfolders, for example, a user could be granted access to the groupfolder but not specific subfolders. Due to a lacking permission check in affected versions, a user could still access these subfolders by copying the groupfolder to another location. It is recommended that the Nextcloud Server is upgraded to 20.0.14, 21.0.6 or 22.2.1. Users unable to upgrade should disable the "groupfolders" application in the admin settings. | ||||
| CVE-2021-41239 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 5.3 Medium |
| Nextcloud server is a self hosted system designed to provide cloud style services. In affected versions the User Status API did not consider the user enumeration settings by the administrator. This allowed a user to enumerate other users on the instance, even when user listings where disabled. It is recommended that the Nextcloud Server is upgraded to 20.0.14, 21.0.6 or 22.2.1. There are no known workarounds. | ||||
| CVE-2021-41177 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 8.1 High |
| Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud Server did not implement a database backend for rate-limiting purposes. Any component of Nextcloud using rate-limits (as as `AnonRateThrottle` or `UserRateThrottle`) was thus not rate limited on instances not having a memory cache backend configured. In the case of a default installation, this would notably include the rate-limits on the two factor codes. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5, or 22.2.0. As a workaround, enable a memory cache backend in `config.php`. | ||||
| CVE-2021-32801 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-03 | 5.5 Medium |
| Nextcloud server is an open source, self hosted personal cloud. In affected versions logging of exceptions may have resulted in logging potentially sensitive key material for the Nextcloud Encryption-at-Rest functionality. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. If upgrading is not an option users are advised to disable system logging to resolve this issue until such time that an upgrade can be performed Note that ff you do not use the Encryption-at-Rest functionality of Nextcloud you are not affected by this bug. | ||||