Filtered by vendor Nextcloud
Subscriptions
Total
310 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8228 | 2 Nextcloud, Opensuse | 3 Preferred Providers, Backports Sle, Leap | 2024-08-04 | 5.3 Medium |
| A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times. | ||||
| CVE-2020-8227 | 2 Linux, Nextcloud | 2 Linux Kernel, Desktop | 2024-08-04 | 6.8 Medium |
| Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory. | ||||
| CVE-2020-8181 | 1 Nextcloud | 1 Contacts | 2024-08-04 | 4.3 Medium |
| A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars. | ||||
| CVE-2020-8173 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 2.2 Low |
| A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended. | ||||
| CVE-2020-8179 | 1 Nextcloud | 1 Deck | 2024-08-04 | 4.1 Medium |
| Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users decks. | ||||
| CVE-2020-8183 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 7.5 High |
| A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call. | ||||
| CVE-2020-8138 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 6.5 Medium |
| A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL. | ||||
| CVE-2020-8154 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 7.7 High |
| An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint. | ||||
| CVE-2020-8139 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Server | 2024-08-04 | 6.5 Medium |
| A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL. | ||||
| CVE-2020-8120 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 6.1 Medium |
| A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation. | ||||
| CVE-2020-8152 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 4.4 Medium |
| Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on. | ||||
| CVE-2020-8156 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Mail | 2024-08-04 | 7.0 High |
| A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack. | ||||
| CVE-2020-8150 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 4.1 Medium |
| A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files. | ||||
| CVE-2020-8155 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 5.4 Medium |
| An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF. | ||||
| CVE-2020-8153 | 2 Fedoraproject, Nextcloud | 2 Fedora, Group Folders | 2024-08-04 | 8.1 High |
| Improper access control in Groupfolders app 4.0.3 allowed to delete hidden directories when when renaming an accessible item to the same name. | ||||
| CVE-2020-8140 | 2 Apple, Nextcloud | 2 Macos, Desktop | 2024-08-04 | 6.7 Medium |
| A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment. | ||||
| CVE-2020-8122 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 4.3 Medium |
| A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of a share they received. | ||||
| CVE-2020-8121 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 8.1 High |
| A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer. | ||||
| CVE-2020-8119 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 4.3 Medium |
| Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app. | ||||
| CVE-2020-8133 | 1 Nextcloud | 1 Nextcloud Server | 2024-08-04 | 5.3 Medium |
| A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file. | ||||