Total
159 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8236 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it. | |||||
| CVE-2020-8223 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Server | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves. | |||||
| CVE-2020-8183 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call. | |||||
| CVE-2020-8173 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 3.5 LOW | 2.2 LOW |
| A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended. | |||||
| CVE-2020-8155 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF. | |||||
| CVE-2020-8154 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 6.8 MEDIUM | 7.7 HIGH |
| An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint. | |||||
| CVE-2020-8152 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on. | |||||
| CVE-2020-8150 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 1.9 LOW | 4.1 MEDIUM |
| A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files. | |||||
| CVE-2020-8139 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL. | |||||
| CVE-2020-8138 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL. | |||||
| CVE-2020-8133 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file. | |||||
| CVE-2020-8122 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of a share they received. | |||||
| CVE-2020-8121 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer. | |||||
| CVE-2020-8120 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation. | |||||
| CVE-2020-8119 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app. | |||||
| CVE-2020-8118 | 3 Nextcloud, Novell, Opensuse | 3 Nextcloud Server, Suse Linux Enterprise Server, Backports Sle | 2024-11-21 | 4.0 MEDIUM | 5.0 MEDIUM |
| An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application. | |||||
| CVE-2020-8117 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event. | |||||
| CVE-2019-5451 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| Bypass lock protection in the Nextcloud Android app prior to version 3.6.1 allows accessing the files when repeatedly opening and closing the app in a very short time. | |||||
| CVE-2019-5449 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing check in the Nextcloud Server prior to version 15.0.1 causes leaking of calendar event names when adding or modifying confidential or private events. | |||||
| CVE-2019-15624 | 3 Nextcloud, Opensuse, Suse | 3 Nextcloud Server, Backports, Suse Linux Enterprise Server | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders. | |||||