Filtered by vendor Nextcloud
Subscribe
Total
227 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15620 | 1 Nextcloud | 1 Talk | 2020-10-09 | 4.0 MEDIUM | 2.7 LOW |
| Improper access control in Nextcloud Talk 6.0.3 leaks the existance and the name of private conversations when linked them to another shared item via the projects feature. | |||||
| CVE-2019-15617 | 1 Nextcloud | 1 Nextcloud Server | 2020-10-09 | 5.5 MEDIUM | 5.4 MEDIUM |
| A missing check in Nextcloud Server 17.0.0 allowed an attacker to set up a new second factor when trying to login. | |||||
| CVE-2019-15610 | 1 Nextcloud | 1 Circles | 2020-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper authorization in the Circles app 0.17.7 causes retaining access when an email address was removed from a circle. | |||||
| CVE-2020-8202 | 1 Nextcloud | 1 Preferred Providers | 2020-08-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 allowed to perform a denial of service attack when using a very long password. | |||||
| CVE-2020-8181 | 1 Nextcloud | 1 Contacts | 2020-07-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars. | |||||
| CVE-2020-8179 | 1 Nextcloud | 1 Deck | 2020-07-08 | 4.0 MEDIUM | 4.1 MEDIUM |
| Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users decks. | |||||
| CVE-2020-8180 | 1 Nextcloud | 1 Talk | 2020-06-11 | 6.5 MEDIUM | 9.9 CRITICAL |
| A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a code injection when a not correctly sanitized talk command was added by an administrator. | |||||
| CVE-2020-8138 | 1 Nextcloud | 1 Nextcloud Server | 2020-03-25 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL. | |||||
| CVE-2019-15612 | 1 Nextcloud | 1 Nextcloud Server | 2020-03-24 | 3.2 LOW | 5.9 MEDIUM |
| A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the password of the user is reset. | |||||
| CVE-2019-15613 | 1 Nextcloud | 1 Server | 2020-02-15 | 6.0 MEDIUM | 8.0 HIGH |
| A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes. | |||||
| CVE-2020-8119 | 1 Nextcloud | 1 Nextcloud Server | 2020-02-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app. | |||||
| CVE-2019-15621 | 1 Nextcloud | 1 Nextcloud Server | 2020-02-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link. | |||||
| CVE-2019-15615 | 1 Nextcloud | 1 Nextcloud | 2020-02-13 | 3.6 LOW | 6.1 MEDIUM |
| A wrong check for the system time in the Android App 3.9.0 causes a bypass of the lock protection when changing the time of the system to the past. | |||||
| CVE-2019-15622 | 1 Nextcloud | 1 Nextcloud | 2020-02-12 | 2.1 LOW | 2.4 LOW |
| Not strictly enough sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected tables when using custom queries. | |||||
| CVE-2019-15619 | 1 Nextcloud | 3 Deck, Nextcloud Server, Talk | 2020-02-12 | 3.5 LOW | 4.8 MEDIUM |
| Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project. | |||||
| CVE-2019-15614 | 1 Nextcloud | 1 Nextcloud | 2020-02-12 | 3.5 LOW | 5.4 MEDIUM |
| Missing sanitization in the iOS App 2.24.4 causes an XSS when opening malicious HTML files. | |||||
| CVE-2019-15616 | 1 Nextcloud | 1 Nextcloud Server | 2020-02-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| Dangling remote share attempts in Nextcloud 16 allow a DNS pollution when running long. | |||||
| CVE-2019-15611 | 1 Nextcloud | 1 Nextcloud | 2020-02-11 | 4.0 MEDIUM | 4.9 MEDIUM |
| Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications. | |||||
| CVE-2020-8122 | 1 Nextcloud | 1 Nextcloud Server | 2020-02-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of a share they received. | |||||
| CVE-2020-8121 | 1 Nextcloud | 1 Nextcloud Server | 2020-02-11 | 5.5 MEDIUM | 8.1 HIGH |
| A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer. | |||||