Filtered by vendor Nextcloud
Total: 353 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2020-8278 | 1 Nextcloud | 1 Social | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user. |
| CVE-2020-8259 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH | Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys. |
| CVE-2020-8236 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM | A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it. |
| CVE-2020-8235 | 1 Nextcloud | 1 Deck | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments. |
| CVE-2020-8230 | 1 Nextcloud | 1 Desktop | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM | A memory corruption vulnerability exists in NextCloud Desktop Client v2.6.4 where missing ASLR and DEP protections for Windows allowed to corrupt memory. |
| CVE-2020-8229 | 1 Nextcloud | 1 Desktop | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM | A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system. |
| CVE-2020-8228 | 2 Nextcloud, Opensuse | 3 Preferred Providers, Backports Sle, Leap | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times. |
| CVE-2020-8227 | 2 Linux, Nextcloud | 2 Linux Kernel, Desktop | 2024-11-21 | 7.1 HIGH | 6.8 MEDIUM | Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory. |
| CVE-2020-8225 | 1 Nextcloud | 1 Desktop | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials. |
| CVE-2020-8224 | 1 Nextcloud | 1 Desktop | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory. |
| CVE-2020-8223 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Server | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM | A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves. |
| CVE-2020-8202 | 1 Nextcloud | 1 Preferred Providers | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 allowed to perform a denial of service attack when using a very long password. |
| CVE-2020-8189 | 1 Nextcloud | 1 Desktop | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt. |
| CVE-2020-8183 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call. |
| CVE-2020-8182 | 1 Nextcloud | 1 Deck | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH | Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves. |
| CVE-2020-8181 | 1 Nextcloud | 1 Contacts | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars. |
| CVE-2020-8180 | 1 Nextcloud | 1 Talk | 2024-11-21 | 6.5 MEDIUM | 9.9 CRITICAL | A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a code injection when a not correctly sanitized talk command was added by an administrator. |
| CVE-2020-8179 | 1 Nextcloud | 1 Deck | 2024-11-21 | 4.0 MEDIUM | 4.1 MEDIUM | Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users' decks. |
| CVE-2020-8173 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 3.5 LOW | 2.2 LOW | A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended. |
| CVE-2020-8156 | 2 Fedoraproject, Nextcloud | 2 Fedora, Mail | 2024-11-21 | 6.8 MEDIUM | 7.0 HIGH | A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack. |
| CVE-2020-8155 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF. |
| CVE-2020-8154 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 6.8 MEDIUM | 7.7 HIGH | An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint. |
| CVE-2020-8153 | 2 Fedoraproject, Nextcloud | 2 Fedora, Group Folders | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH | Improper access control in Groupfolders app 4.0.3 allowed to delete hidden directories when renaming an accessible item to the same name. |
| CVE-2020-8152 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM | Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on. |
| CVE-2020-8150 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 1.9 LOW | 4.1 MEDIUM | A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files. |
| CVE-2020-8140 | 2 Apple, Nextcloud | 2 Macos, Desktop | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM | A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment. |
| CVE-2020-8139 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL. |
| CVE-2020-8138 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL. |
| CVE-2020-8133 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file. |
| CVE-2020-8122 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of a share they received. |
| CVE-2020-8121 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH | A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer. |
| CVE-2020-8120 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation. |
| CVE-2020-8119 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app. |
| CVE-2020-8118 | 3 Nextcloud, Novell, Opensuse | 3 Nextcloud Server, Suse Linux Enterprise Server, Backports Sle | 2024-11-21 | 4.0 MEDIUM | 5.0 MEDIUM | An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application. |
| CVE-2020-8117 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event. |
| CVE-2019-5476 | 1 Nextcloud | 1 Lookup-server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An SQL Injection in the Nextcloud Lookup-Server < v0.3.0 (running on https://lookup.nextcloud.com) caused unauthenticated users to be able to execute arbitrary SQL commands. |
| CVE-2019-5455 | 1 Nextcloud | 1 Nextcloud | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM | Bypassing lock protection exists in Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process. |
| CVE-2019-5454 | 1 Nextcloud | 1 Nextcloud | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SQL Injection in the Nextcloud Android app prior to version 3.0.0 allows to destroy a local cache when a harmful query is executed requiring to resetup the account. |
| CVE-2019-5453 | 1 Nextcloud | 1 Nextcloud | 2024-11-21 | 3.6 LOW | 6.1 MEDIUM | Bypass lock protection in the Nextcloud Android app prior to version 3.3.0 allowed access to files when being prompted for the lock protection and switching to the Nextcloud file provider. |
| CVE-2019-5452 | 1 Nextcloud | 1 Nextcloud | 2024-11-21 | 2.1 LOW | 2.4 LOW | Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved. |