CVE-2019-5449

A missing check in the Nextcloud Server prior to version 15.0.1 causes leaking of calendar event names when adding or modifying confidential or private events...

CVE-2019-5449

A missing check in the Nextcloud Server prior to version 15.0.1 causes leaking of calendar event names when adding or modifying confidential or private events...

CVE-2019-5449

CVE-2019-5449 affects Nextcloud Server prior to 15.0.1. A missing check allows leaking calendar event names when adding or modifying confidential or private events. Multiple connected sources confirm an information disclosure vulnerability in Nextcloud Server before 15.0.1. Impact is information ...

Improper neutralization of item names in projects feature (NC-SA-2020-009)

Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project...

Improper neutralization of item names in projects feature (NC-SA-2020-008)

Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project...

Nextcloud Server Access Control Error Vulnerability

Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany.Nextcloud Server is one of the server version. An Access Control Error vulnerability exists in Nextcloud Server versions prior to 14.0.0, 13.0.6, and 12.0.11, which c...

Nextcloud Server Improper Access Control Checking Vulnerability

Nextcloud is a set of client-server software for creating file hosting services and using them. An improper access control checking vulnerability exists in versions of Nextcloud Server prior to 14.0.0, which can be exploited by an unauthenticated, remote attacker via the publicpreview.php functio...

Nextcloud Server Session Fixation Vulnerability

Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany.Nextcloud Server is one of the server version. A session fixation vulnerability exists in Nextcloud Server versions prior to 14.0.0, 13.0.3, and 12.0.8, which can be...

Nextcloud Server Privilege Authentication Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform.Nextcloud Server is one of the server version. A privilege authentication vulnerability exists in versions of Nextcloud Server prior to 14.0.0, which can be exploited by an attacker t...

Nextcloud Server Privilege Authentication Vulnerability (CNVD-2019-18774)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform.Nextcloud Server is one of the server version. A privilege validation vulnerability exists in versions of Nextcloud Server prior to 14.0.0 that can be exploited by an attacker to bypa...

Nextcloud Server < 14.0.0, < 13.0.3, < 12.0.8 Session fixation on public share page (NC-SA-2018-013) - Windows

Nextcloud Server is prone to a session fixation vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

Nextcloud Server < 14.0.0, < 13.0.6, < 12.0.11 Improper validation of permissions (NC-SA-2018-010) - Windows

Nextcloud Server is prone to an improper access restriction vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

Default credentials

A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares...

CVE-2018-16463

A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares...

Input validation

Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by acess tokens...

Design/Logic Flaw

Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the the provider of the second factor failed to load...

CVE-2018-16464

A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password...

Default credentials

A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password...

CVE-2018-16467

A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares...

CVE-2018-16467

A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares...