Filtered by vendor Nextcloud
Subscribe
Total
297 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-8225 | 1 Nextcloud | 1 Desktop | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials. | |||||
CVE-2020-8279 | 1 Nextcloud | 1 Social | 2023-12-10 | 5.8 MEDIUM | 7.4 HIGH |
Missing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0 allowed a man-in-the-middle attack. | |||||
CVE-2020-8281 | 1 Nextcloud | 1 Contacts | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
A missing file type check in Nextcloud Contacts 3.3.0 allows a malicious user to upload malicious SVG files to perform cross-site scripting (XSS) attacks. | |||||
CVE-2020-8278 | 1 Nextcloud | 1 Social | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user. | |||||
CVE-2020-8293 | 1 Nextcloud | 1 Nextcloud Server | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules. | |||||
CVE-2020-8223 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Server | 2023-12-10 | 3.5 LOW | 6.5 MEDIUM |
A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves. | |||||
CVE-2021-22878 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Server | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in `OC.Notification.show`. | |||||
CVE-2020-8297 | 1 Nextcloud | 1 Deck | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability that permits users with a duplicate user identifier to access deck data of a previous deleted user. | |||||
CVE-2021-22877 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Server | 2023-12-10 | 5.5 MEDIUM | 6.5 MEDIUM |
A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users external storage configuration when not already configured yet. | |||||
CVE-2020-8235 | 1 Nextcloud | 1 Deck | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments. | |||||
CVE-2020-8133 | 1 Nextcloud | 1 Nextcloud Server | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file. | |||||
CVE-2020-8152 | 1 Nextcloud | 1 Nextcloud Server | 2023-12-10 | 2.1 LOW | 4.4 MEDIUM |
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on. | |||||
CVE-2020-8228 | 2 Nextcloud, Opensuse | 3 Preferred Providers, Backports Sle, Leap | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times. | |||||
CVE-2020-8294 | 1 Nextcloud | 1 Nextcloud Server | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Internet Explorer when saving a 'javascript:' URL in markdown format. | |||||
CVE-2020-8180 | 1 Nextcloud | 1 Talk | 2023-12-10 | 6.5 MEDIUM | 9.9 CRITICAL |
A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a code injection when a not correctly sanitized talk command was added by an administrator. | |||||
CVE-2020-8156 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Mail | 2023-12-10 | 6.8 MEDIUM | 7.0 HIGH |
A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack. | |||||
CVE-2020-8138 | 1 Nextcloud | 1 Nextcloud Server | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL. | |||||
CVE-2020-8224 | 1 Nextcloud | 1 Desktop | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory. | |||||
CVE-2020-8140 | 2 Apple, Nextcloud | 2 Macos, Desktop | 2023-12-10 | 4.6 MEDIUM | 6.7 MEDIUM |
A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment. | |||||
CVE-2020-8227 | 2 Linux, Nextcloud | 2 Linux Kernel, Desktop | 2023-12-10 | 7.1 HIGH | 6.8 MEDIUM |
Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory. |