1082 matches found
Nextcloud Server Multiple Vulnerabilities (Oct 2021)
Nextcloud Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nextcloud:nextcloudserver"...
CVE-2021-41177
The CVE-2021-41177 entry affects Nextcloud Server. The issue is that before versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud did not implement a memory-cache backend for rate-limiting, so components using rate limits (e.g., AnonRateThrottle, UserRateThrottle) were not actually rate-limited on inst...
Two-Factor Authentication not enforced for pages marked as public
None...
Rate-limits not working on instances without configured memory cache backend
None...
Nextcloud Server Multiple Vulnerabilities (Sep 2021)
Nextcloud Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nextcloud:nextcloudserver"...
CVE-2021-32801
CVE-2021-32801 affects Nextcloud Server and concerns logging of potentially sensitive information in log files due to exception logging. The public records in OpenSUSE/GLSA summaries tie this CVE to Nextcloud Server components and indicate fixes were deployed in updated releases (Nextcloud 20.0.1...
Design/Logic Flaw
Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. In affected versions the Nextcloud Text application returned different error messages depending on whether a folder existed in a public link share. This is problematic in case the public link sha...
CVE-2021-32766 Nextcloud Text app can disclose existence of folders in "File Drop" link share
Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. In affected versions the Nextcloud Text application returned different error messages depending on whether a folder existed in a public link share. This is problematic in case the public link sha...
Nextcloud 日志信息泄露漏洞
An information disclosure vulnerability exists in Nextcloud Server, an open source, powerful cloud storage network drive project. An attacker could use this vulnerability to bypass the dual authentication in Nextcloud, and an attacker who knows the password or has access to the WebAuthN trusted...
PT-2021-19941 · Nextcloud +2 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 20.0.12 Nextcloud Server versions prior to 21.0.4 Nextcloud Server versions prior to 22.1.0 Description: Nextcloud server is an open source, self-hosted personal cloud that supports rendering image previews...
PT-2021-19940 · Nextcloud +2 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 20.0.12 Nextcloud Server versions prior to 21.0.4 Nextcloud Server versions prior to 22.1.0 Description: The Nextcloud server, an open-source, self-hosted personal cloud, has a issue where logging of...
PT-2021-19939 · Nextcloud +2 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 20.0.12 Nextcloud Server versions prior to 21.0.4 Nextcloud Server versions prior to 22.1.0 Description: The issue affects Nextcloud server, an open-source, self-hosted personal cloud. An attacker can bypass...
CVE-2021-37617
Summary of CVE-2021-37617 : The Nextcloud Desktop Client (Windows) contains a vendor- and user-controlled uninstall search path flaw. In versions 3.0.3 through 3.2.4, the client searches for an Uninstall.exe file in a folder writable by regular users. A malicious user could place a crafted Uninst...
CVE-2021-32728
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.3.0, the Nextcloud Desktop client fails to check if a privat...
openSUSE 15 Security Update : nextcloud (openSUSE-SU-2021:1068-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1068-1 advisory. - A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules...
Nextcloud Server Multiple Vulnerabilities (Jul 2021)
Nextcloud Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nextcloud:nextcloudserver"...
Unspecified Vulnerability in Nextcloud (CNVD-2021-51796)
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability in Nextcloud Server in versions prior to 19.0.13, 20.011, and 21.0.3 can be exploited by an attacker to enumerate potentially valid...
CVE-2021-32734
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, the Nextcloud Text application shipped with Nextcloud Server returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. The issu...
CVE-2021-32741
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public share link mount endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in...
CVE-2021-32734
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, the Nextcloud Text application shipped with Nextcloud Server returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. The issu...