1082 matches found
Input validation
Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link...
Cross site scripting
A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation...
Authorization
Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app...
Input validation
Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project...
Server side request forgery (ssrf)
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application...
CVE-2019-15613
A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes...
CVE-2019-15617
CVE-2019-15617 affects Nextcloud Server (17.0.0) and arises from a missing check that allowed an attacker to set up a new second factor during login. Public documents reference the vulnerability and status across multiple sources (NVD/OSV/openvas) with remediation guidance generally recommending ...
CVE-2019-15621
Nextcloud Server 16.0.1 is affected by CVE-2019-15621: an improper permissions preservation enables sharees to reshare with write permissions when sharing the mount point of a received share via a public link. Root cause is a permissions preservation flaw in the sharing flow; exploitation details...
CVE-2019-15621
Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link...
CVE-2019-15612
Nextcloud Server 15.0.2 is affected by CVE-2019-15612, where 2FA sessions are not properly expired after a user password reset. The issue is described as a bug in Nextcloud Server 15.0.2 that leaves pending 2FA logins active after password changes. Public references include the NVD entry and the ...
CVE-2020-8117
CVE-2020-8117 affects Nextcloud Server 14.0.3, involving improper preservation of permissions that leaks event details when sharing a non-public calendar event. Public references (NVD, CVE listing, SUSE, CNVD, OpenVAS/NC-SA-2020-013) confirm the issue name and description; CVSS metrics from NVD s...
CVE-2019-15613
CVE-2019-15613 affects Nextcloud Server 17.0.1, where a bug causes workflow rules to depend on the file extension when checking MIME types. This can impact all three security properties (confidentiality, integrity, availability) per CVSS metrics (NVD: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H; base sco...
CVE-2020-8120
A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation...
CVE-2019-15624
Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders...
CVE-2020-8119
Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app...
CVE-2019-15617
A missing check in Nextcloud Server 17.0.0 allowed an attacker to set up a new second factor when trying to login...
CVE-2020-8120
CVE-2020-8120 describes a reflected XSS in Nextcloud Server 16.0.1 related to SVG logo generation. The issue affects the SVG rendering path (logo) via user-controllable inputs and has a CVSS v3.1 base score of 6.1 (MEDIUM). Public references (NVD/CVE records and Nextcloud advisory) confirm the vu...
CVE-2019-15624
CVE-2019-15624: Nextcloud Server 15.0.7 is affected by improper input validation that allows group admins to create users with IDs of system folders. The issue is confirmed in CVE-2019-15624 and is addressed in security advisories accompanying Nextcloud updates to 15.0.14 (NC-SA-2020-015/openSUSE...
CVE-2020-8118
CVE-2020-8118 describes an authenticated server-side request forgery (SSRF) in Nextcloud Server 16.0.1 . The vulnerability exists in the calendar application’s “add new subscription” workflow and permits an attacker to detect local and remote services. The connected documents consistently identif...
PT-2020-19957 · Nextcloud · Nextcloud Server
Name of the Vulnerable Software and Affected Versions: Nextcloud Server version 16.0.1 Description: A reflected Cross-Site Scripting issue was found in the svg generation of the affected software. Recommendations: For Nextcloud Server version 16.0.1, update to a version that includes a fix for th...