Filtered by vendor Nextcloud
Total: 298 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-22896 | 1 Nextcloud | 1 Nextcloud | 2021-06-22 | 4.0 MEDIUM | 4.3 MEDIUM |
Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated users to create mail aliases for other users. | |||||
CVE-2021-32652 | 1 Nextcloud | 1 Nextcloud Mail | 2021-06-14 | 4.0 MEDIUM | 4.3 MEDIUM |
Nextcloud Mail is a mail app for the Nextcloud platform. A missing permission check in Nextcloud Mail before 1.4.3 and 1.8.2 allows other authenticated users to access mail metadata of other users. Versions 1.4.3 and 1.8.2 contain patches for this vulnerability; no workarounds other than the patches are known to exist. | |||||
CVE-2020-8297 | 1 Nextcloud | 1 Deck | 2021-03-02 | 4.0 MEDIUM | 4.3 MEDIUM |
Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability that permits users with a duplicate user identifier to access deck data of a previously deleted user. | |||||
CVE-2020-8294 | 1 Nextcloud | 1 Nextcloud Server | 2021-02-05 | 3.5 LOW | 5.4 MEDIUM |
A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Internet Explorer when saving a 'javascript:' URL in markdown format. | |||||
CVE-2020-8295 | 1 Nextcloud | 1 Nextcloud Server | 2021-02-02 | 5.0 MEDIUM | 7.5 HIGH |
A wrong check in Nextcloud Server 19 and prior allowed a denial of service attack when resetting the password for a user. | |||||
CVE-2020-8280 | 1 Nextcloud | 1 Contacts | 2021-01-11 | 3.5 LOW | 5.4 MEDIUM |
A missing file type check in Nextcloud Contacts 3.4.0 allows a malicious user to upload SVG files as PNG files to perform cross-site scripting (XSS) attacks. | |||||
CVE-2020-8281 | 1 Nextcloud | 1 Contacts | 2021-01-11 | 3.5 LOW | 5.4 MEDIUM |
A missing file type check in Nextcloud Contacts 3.3.0 allows a malicious user to upload malicious SVG files to perform cross-site scripting (XSS) attacks. | |||||
CVE-2019-5453 | 1 Nextcloud | 1 Nextcloud | 2020-12-18 | 3.6 LOW | 6.1 MEDIUM |
A lock protection bypass in the Nextcloud Android app prior to version 3.3.0 allowed access to files when being prompted for the lock protection and switching to the Nextcloud file provider. | |||||
CVE-2020-8278 | 1 Nextcloud | 1 Social | 2020-12-02 | 5.0 MEDIUM | 5.3 MEDIUM |
Improper access control in Nextcloud Social app version 0.3.1 allowed reading posts of any user. | |||||
CVE-2020-8279 | 1 Nextcloud | 1 Social | 2020-11-25 | 5.8 MEDIUM | 7.4 HIGH |
Missing validation of server certificates for outgoing connections in Nextcloud Social < 0.4.0 allowed a man-in-the-middle attack. | |||||
CVE-2020-8228 | 2 Nextcloud, Opensuse | 3 Preferred Providers, Backports Sle, Leap | 2020-10-20 | 5.0 MEDIUM | 5.3 MEDIUM |
A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled number of times. | |||||
CVE-2019-5449 | 1 Nextcloud | 1 Nextcloud Server | 2020-10-16 | 4.0 MEDIUM | 4.3 MEDIUM |
A missing check in the Nextcloud Server prior to version 15.0.1 causes leaking of calendar event names when adding or modifying confidential or private events. | |||||
CVE-2020-8182 | 1 Nextcloud | 1 Deck | 2020-10-14 | 6.0 MEDIUM | 8.0 HIGH |
Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves. | |||||
CVE-2020-8235 | 1 Nextcloud | 1 Deck | 2020-10-13 | 4.0 MEDIUM | 4.3 MEDIUM |
Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments. | |||||
CVE-2019-15620 | 1 Nextcloud | 1 Talk | 2020-10-09 | 4.0 MEDIUM | 2.7 LOW |
Improper access control in Nextcloud Talk 6.0.3 leaks the existence and the name of private conversations when linking them to another shared item via the projects feature. | |||||
CVE-2019-15617 | 1 Nextcloud | 1 Nextcloud Server | 2020-10-09 | 5.5 MEDIUM | 5.4 MEDIUM |
A missing check in Nextcloud Server 17.0.0 allowed an attacker to set up a new second factor when trying to log in. | |||||
CVE-2019-15610 | 1 Nextcloud | 1 Circles | 2020-10-09 | 4.0 MEDIUM | 4.3 MEDIUM |
Improper authorization in the Circles app 0.17.7 causes retaining access when an email address was removed from a circle. | |||||
CVE-2020-8202 | 1 Nextcloud | 1 Preferred Providers | 2020-08-03 | 5.0 MEDIUM | 5.3 MEDIUM |
Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 allowed a denial of service attack when using a very long password. | |||||
CVE-2020-8179 | 1 Nextcloud | 1 Deck | 2020-07-08 | 4.0 MEDIUM | 4.1 MEDIUM |
Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users' decks. | |||||
CVE-2020-8180 | 1 Nextcloud | 1 Talk | 2020-06-11 | 6.5 MEDIUM | 9.9 CRITICAL |
An overly lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed code injection when an incorrectly sanitized Talk command was added by an administrator. |