Filtered by vendor Nextcloud
Subscribe
Total
297 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-8230 | 1 Nextcloud | 1 Desktop | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
A memory corruption vulnerability exists in NextCloud Desktop Client v2.6.4 where missing ASLR and DEP protections in for windows allowed to corrupt memory. | |||||
CVE-2020-8181 | 1 Nextcloud | 1 Contacts | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars. | |||||
CVE-2020-8155 | 1 Nextcloud | 1 Nextcloud Server | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF. | |||||
CVE-2020-8139 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Server | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL. | |||||
CVE-2020-8153 | 2 Fedoraproject, Nextcloud | 2 Fedora, Group Folders | 2023-12-10 | 5.5 MEDIUM | 8.1 HIGH |
Improper access control in Groupfolders app 4.0.3 allowed to delete hidden directories when when renaming an accessible item to the same name. | |||||
CVE-2020-8229 | 1 Nextcloud | 1 Desktop | 2023-12-10 | 4.9 MEDIUM | 5.5 MEDIUM |
A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system. | |||||
CVE-2020-8179 | 1 Nextcloud | 1 Deck | 2023-12-10 | 4.0 MEDIUM | 4.1 MEDIUM |
Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users decks. | |||||
CVE-2020-8154 | 1 Nextcloud | 1 Nextcloud Server | 2023-12-10 | 6.8 MEDIUM | 7.7 HIGH |
An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint. | |||||
CVE-2020-8202 | 1 Nextcloud | 1 Preferred Providers | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 allowed to perform a denial of service attack when using a very long password. | |||||
CVE-2020-8189 | 1 Nextcloud | 1 Desktop | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt. | |||||
CVE-2019-15614 | 1 Nextcloud | 1 Nextcloud | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
Missing sanitization in the iOS App 2.24.4 causes an XSS when opening malicious HTML files. | |||||
CVE-2020-8120 | 1 Nextcloud | 1 Nextcloud Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation. | |||||
CVE-2019-15611 | 1 Nextcloud | 1 Nextcloud | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications. | |||||
CVE-2019-15622 | 1 Nextcloud | 1 Nextcloud | 2023-12-10 | 2.1 LOW | 2.4 LOW |
Not strictly enough sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected tables when using custom queries. | |||||
CVE-2020-8118 | 3 Nextcloud, Novell, Opensuse | 3 Nextcloud Server, Suse Linux Enterprise Server, Backports Sle | 2023-12-10 | 4.0 MEDIUM | 5.0 MEDIUM |
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application. | |||||
CVE-2020-8117 | 1 Nextcloud | 1 Nextcloud Server | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event. | |||||
CVE-2020-8121 | 1 Nextcloud | 1 Nextcloud Server | 2023-12-10 | 5.5 MEDIUM | 8.1 HIGH |
A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer. | |||||
CVE-2019-15612 | 1 Nextcloud | 1 Nextcloud Server | 2023-12-10 | 3.2 LOW | 5.9 MEDIUM |
A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the password of the user is reset. | |||||
CVE-2019-15610 | 1 Nextcloud | 1 Circles | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
Improper authorization in the Circles app 0.17.7 causes retaining access when an email address was removed from a circle. | |||||
CVE-2019-15615 | 1 Nextcloud | 1 Nextcloud | 2023-12-10 | 3.6 LOW | 6.1 MEDIUM |
A wrong check for the system time in the Android App 3.9.0 causes a bypass of the lock protection when changing the time of the system to the past. |