Filtered by vendor Nextcloud
Subscribe
Total
227 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22913 | 1 Nextcloud | 1 Deck | 2021-06-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user. | |||||
| CVE-2021-22905 | 1 Nextcloud | 1 Nextcloud | 2021-06-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user. | |||||
| CVE-2021-22912 | 1 Nextcloud | 1 Nextcloud | 2021-06-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a global search has been explicitly chosen by the user. | |||||
| CVE-2021-22896 | 1 Nextcloud | 1 Nextcloud | 2021-06-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated users to create mail aliases for other users. | |||||
| CVE-2021-32652 | 1 Nextcloud | 1 Nextcloud Mail | 2021-06-14 | 4.0 MEDIUM | 4.3 MEDIUM |
| Nextcloud Mail is a mail app for the Nextcloud platform. A missing permission check in Nextcloud Mail before 1.4.3 and 1.8.2 allows another authenticated users to access mail metadata of other users. Versions 1.4.3 and 1.8.2 contain patches for this vulnerability; no workarounds other than the patches are known to exist. | |||||
| CVE-2020-8297 | 1 Nextcloud | 1 Deck | 2021-03-02 | 4.0 MEDIUM | 4.3 MEDIUM |
| Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability that permits users with a duplicate user identifier to access deck data of a previous deleted user. | |||||
| CVE-2020-8294 | 1 Nextcloud | 1 Nextcloud Server | 2021-02-05 | 3.5 LOW | 5.4 MEDIUM |
| A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Internet Explorer when saving a 'javascript:' URL in markdown format. | |||||
| CVE-2020-8295 | 1 Nextcloud | 1 Nextcloud Server | 2021-02-02 | 5.0 MEDIUM | 7.5 HIGH |
| A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a user. | |||||
| CVE-2020-8280 | 1 Nextcloud | 1 Contacts | 2021-01-11 | 3.5 LOW | 5.4 MEDIUM |
| A missing file type check in Nextcloud Contacts 3.4.0 allows a malicious user to upload SVG files as PNG files to perform cross-site scripting (XSS) attacks. | |||||
| CVE-2020-8281 | 1 Nextcloud | 1 Contacts | 2021-01-11 | 3.5 LOW | 5.4 MEDIUM |
| A missing file type check in Nextcloud Contacts 3.3.0 allows a malicious user to upload malicious SVG files to perform cross-site scripting (XSS) attacks. | |||||
| CVE-2019-5453 | 1 Nextcloud | 1 Nextcloud | 2020-12-17 | 3.6 LOW | 6.1 MEDIUM |
| Bypass lock protection in the Nextcloud Android app prior to version 3.3.0 allowed access to files when being prompted for the lock protection and switching to the Nextcloud file provider. | |||||
| CVE-2020-8278 | 1 Nextcloud | 1 Social | 2020-12-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user. | |||||
| CVE-2020-8279 | 1 Nextcloud | 1 Social | 2020-11-25 | 5.8 MEDIUM | 7.4 HIGH |
| Missing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0 allowed a man-in-the-middle attack. | |||||
| CVE-2020-8133 | 1 Nextcloud | 1 Nextcloud Server | 2020-11-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file. | |||||
| CVE-2020-8228 | 2 Nextcloud, Opensuse | 3 Preferred Providers, Backports Sle, Leap | 2020-10-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times. | |||||
| CVE-2020-8154 | 1 Nextcloud | 1 Nextcloud Server | 2020-10-19 | 6.8 MEDIUM | 7.7 HIGH |
| An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint. | |||||
| CVE-2020-8155 | 1 Nextcloud | 1 Nextcloud Server | 2020-10-19 | 3.5 LOW | 5.4 MEDIUM |
| An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF. | |||||
| CVE-2019-5449 | 1 Nextcloud | 1 Nextcloud Server | 2020-10-16 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing check in the Nextcloud Server prior to version 15.0.1 causes leaking of calendar event names when adding or modifying confidential or private events. | |||||
| CVE-2020-8182 | 1 Nextcloud | 1 Deck | 2020-10-14 | 6.0 MEDIUM | 8.0 HIGH |
| Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves. | |||||
| CVE-2020-8235 | 1 Nextcloud | 1 Deck | 2020-10-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments. | |||||