CVE-2020-8154

CVE-2020-8154 is an Insecure Direct Object Reference in Nextcloud Server (noted against 18.0.x) that allowed an attacker to remotely wipe other users’ devices via a crafted request to the affected endpoint. Publicly referenced advisories (openSUSE/OpenSUSE-SU-2020:0670-1 and openSUSE-670) associa...

Nextcloud: Bypass hide download Nextcloud Share

Summary Hello everyone, accidentally browsing through nextcloud, I have found a small vulnerability on nextcloud server. This vulnerability allow download the file when the download function has been hidden Here is the error details. If anything is wrong please respond to me. Thanks you...

Nextcloud Server < 16.0.9, 17.x < 17.0.4, 18.0.0 Access Control Vulnerability (NC-SA-2020-015)

Nextcloud Server is prone to an information disclosure vulnerability due to a missing access control check. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

CVE-2020-8139

A missing access control check in Nextcloud Server 18.0.1, 17.0.4, and 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL...

CVE-2020-8139

A missing access control check in Nextcloud Server 18.0.1, 17.0.4, and 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL...

XSS in Files PDF viewer (NC-SA-2020-019)

An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF...

Nextcloud Server Cross-Site Scripting Vulnerability (CNVD-2020-10426)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A cross-site scripting vulnerability exists in Nextcloud Server. The vulnerability stems from a lack of proper validation of client-side data by the WEB...

Nextcloud Server, Talk and Deck Cross-Site Scripting Vulnerabilities

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A cross-site scripting vulnerability exists in Nextcloud Server, Talk and Deck. The vulnerability stems from a lack of proper validation of client-side data b...

Nextcloud Server Access Control Error Vulnerability (CNVD-2020-12757)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An Access Control Error vulnerability exists in Nextcloud Server. The vulnerability arises from a network system or product not properly restricting access to...

Nextcloud Server Authorization Issues Vulnerability (CNVD-2020-12759)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An authorization issue vulnerability exists in Nextcloud Server. The vulnerability stems from a lack of authentication measures or insufficient authentication...

Nextcloud Server Injection Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An injection vulnerability exists in Nextcloud Server. The vulnerability arises from a lack of proper validation of user input data by a network system or...

Nextcloud server improper authorization vulnerability

Nextcloud is a client-server software suite for creating network hard disks. An improper authorization vulnerability exists in Nextcloud Server 17.0.0. An attacker can exploit the vulnerability to cause preview and file disclosure when opening a file to place a share link via the Gallery...

Nextcloud Server Improper Privilege Retention Vulnerability

Nextcloud is a suite of client-server software for creating network hard disks. An improper privilege retention vulnerability exists in Nextcloud Server 14.0.3. An attacker could exploit the vulnerability to obtain event details when sharing non-public events...

Nextcloud Server Improper Access Control Checking Vulnerability (CNVD-2020-05120)

Nextcloud is a client-server software suite for creating network hard disks. An improper share expiration date access control checking vulnerability exists in Nextcloud Server 14.0.3. A recipient could exploit the vulnerability to extend the expiration date of a share that it receives...

Nextcloud Server Cross-Site Scripting Vulnerability (CNVD-2020-05114)

Nextcloud is a client-server software suite for creating network hard disks. A reflected cross-site scripting vulnerability exists in svg generation in Nextcloud Server 16.0.1. No detailed vulnerability details are provided at this time...

Nextcloud Server < 12.0.8, < 13.0.3 Improper Input Vulnerability (NC-SA-2018-003)

Nextcloud Server is prone to an improper input vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Nextcloud Server < 12.0.13, < 13.0.8, < 14.0.4 Access Control Vulnerability (NC-SA-2019-002)

Nextcloud Server is prone to an improper access control vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Nextcloud Server < 14.0.13, < 15.0.9, < 16.0.2 XSS Vulnerability (NC-SA-2019-018)

Nextcloud Server is prone to a cross-site scripting vulnerability in the svg logo generation. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only C...

Nextcloud Server < 14.0.11, < 15.0.8 Input Validation Vulnerability (NC-SA-2019-015)

Nextcloud Server is prone to an input validation vulnerability where group admins can create users with IDs of system folders. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Nextcloud Server < 13.0.11, < 14.0.7, < 15.0.3 2FA Sessions Vulnerability (NC-SA-2020-001)

Nextcloud Server is prone to a vulnerability where 2FA sessions are not properly expired on a password change. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifie...