Total
159 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-8294 | 1 Nextcloud | 1 Nextcloud Server | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Internet Explorer when saving a 'javascript:' URL in markdown format. | |||||
CVE-2021-22877 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Server | 2024-02-28 | 5.5 MEDIUM | 6.5 MEDIUM |
A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users external storage configuration when not already configured yet. | |||||
CVE-2020-8293 | 1 Nextcloud | 1 Nextcloud Server | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules. | |||||
CVE-2020-8183 | 1 Nextcloud | 1 Nextcloud Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call. | |||||
CVE-2020-8296 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Server | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured. | |||||
CVE-2020-8138 | 1 Nextcloud | 1 Nextcloud Server | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL. | |||||
CVE-2020-8154 | 1 Nextcloud | 1 Nextcloud Server | 2024-02-28 | 6.8 MEDIUM | 7.7 HIGH |
An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint. | |||||
CVE-2020-8155 | 1 Nextcloud | 1 Nextcloud Server | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF. | |||||
CVE-2020-8139 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Server | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL. | |||||
CVE-2019-15612 | 1 Nextcloud | 1 Nextcloud Server | 2024-02-28 | 3.2 LOW | 5.9 MEDIUM |
A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the password of the user is reset. | |||||
CVE-2019-15621 | 1 Nextcloud | 1 Nextcloud Server | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link. | |||||
CVE-2020-8119 | 1 Nextcloud | 1 Nextcloud Server | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app. | |||||
CVE-2020-8122 | 1 Nextcloud | 1 Nextcloud Server | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of a share they received. | |||||
CVE-2019-15623 | 3 Nextcloud, Opensuse, Suse | 3 Nextcloud Server, Backports Sle, Package Hub | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled. | |||||
CVE-2019-15619 | 1 Nextcloud | 3 Deck, Nextcloud Server, Talk | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project. | |||||
CVE-2020-8121 | 1 Nextcloud | 1 Nextcloud Server | 2024-02-28 | 5.5 MEDIUM | 8.1 HIGH |
A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer. | |||||
CVE-2019-15613 | 2 Nextcloud, Opensuse | 2 Nextcloud Server, Backports | 2024-02-28 | 6.0 MEDIUM | 8.0 HIGH |
A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes. | |||||
CVE-2020-8117 | 1 Nextcloud | 1 Nextcloud Server | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event. | |||||
CVE-2020-8120 | 1 Nextcloud | 1 Nextcloud Server | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation. | |||||
CVE-2019-15618 | 1 Nextcloud | 1 Nextcloud Server | 2024-02-28 | 3.5 LOW | 4.8 MEDIUM |
Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a reflected XSS when starting the updater from a malicious location. |