CVE-2018-16463
CVE-2018-16463 describes a session-fixation bug in Nextcloud Server, affecting versions prior to 14.0.0, 13.0.3, and 12.0.8, which could allow an attacker to access password-protected shares. Core details provided indicate a vulnerability in Nextcloud Server’s session handling, with the public Ne...
CVE-2018-16467
A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares...
CVE-2018-16465
Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the provider of the second factor failed to load...
Nextcloud Server 'Autocomplete field' Stored XSS Vulnerability (NC-SA-2018-008)
Nextcloud Server is prone to a stored cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Nextcloud Server 'JSON Encoder' Security Bypass Vulnerability
Nextcloud Server is prone to a security bypass vulnerability.
Nextcloud Server Security Bypass Vulnerability (Aug 2018)
Nextcloud Server is prone to a security bypass vulnerability.
NextCloud Server Cross-Site Scripting Vulnerability (CNVD-2018-17647)
Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. Nextcloud Server is one of the server versions. A cross-site scripting vulnerability exists in versions of NextCloud Server prior to 13.0.5, which stems from the...
CVE-2018-3780
A missing sanitization of search results for an autocomplete field in NextCloud Server 13.0.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...
Nextcloud Server Improper Input Validation Vulnerability
Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. Nextcloud Server is one of the server versions. An input validation vulnerability exists in Nextcloud Server versions prior to 12.0.3 and 11.0.5, which can be exploite...
Nextcloud Server Authorization Issues Vulnerability
Nextcloud is a client-server software suite for creating network hard disks. An authorization issue vulnerability exists in versions of Nextcloud Server prior to 12.0.3, which can be exploited by an attacker to obtain user credentials and bypass two-factor authentication...
CVE-2018-3776
Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log...
CVE-2018-3775
Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication...
CVE-2018-3775
CVE-2018-3775 concerns Nextcloud Server prior to version 12.0.3, where an attacker with valid user credentials could bypass two‑factor authentication due to improper authentication. The NVD entry lists CVSSv3.1 impact as high (C/H/I/H/A/H) and CVSSv2 as medium (I/P, no confidentiality/availabilit...
Nextcloud Server Authorization Issues Vulnerability
Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. Nextcloud Server is one of the server versions. An authorization issue vulnerability exists in Nextcloud Server. An attacker could exploit the vulnerability to obtain ...
Nextcloud Server Information Disclosure Vulnerability (CNVD-2018-12756)
Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. Nextcloud Server is one of the server versions. A security vulnerability exists in Nextcloud Server versions prior to 12.0.8 and 13.0.3, which stems from the program's...
Nextcloud Server Image Previews File Access Control Bypass Vulnerability - Linux
Nextcloud Server is prone to an information disclosure vulnerability.
CVE-2018-3762
CVE-2018-3762 affects Nextcloud Server prior to 12.0.8 and 13.0.3, where improper checks of dropped permissions for incoming shares let a user request previews for files they should not access. Root cause: inadequate enforcement of access control on image preview requests. Impact stated in source...
PT-2018-16180 · Nextcloud +2 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 12.0.8; Nextcloud Server versions prior to 13.0.3. Description: The issue is related to improper authentication on the OAuth2 token endpoint. It involves missing checks that could potentially allow handing out...
PT-2018-16181 · Nextcloud +2 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 12.0.8; Nextcloud Server versions prior to 13.0.3. Description: The issue arises from improper checks of dropped permissions for incoming shares, allowing a user to request previews for files they should not...