Lucene search
K

1090 matches found

Prion
Prion
added 2018/10/30 9:29 p.m.24 views

Default credentials

A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares...

5CVSS5.3AI score0.01068EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2018/10/30 9:29 p.m.22 views

Input validation

Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by acess tokens...

5.5CVSS8AI score0.00957EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2018/10/30 9:29 p.m.23 views

Design/Logic Flaw

Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the the provider of the second factor failed to load...

4.3CVSS5.2AI score0.00811EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/10/30 9:29 p.m.23 views

CVE-2018-16464

A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password...

5.7CVSS5.6AI score0.00891EPSS
Exploits0References2
Prion
Prion
added 2018/10/30 9:29 p.m.17 views

Default credentials

A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password...

3.5CVSS5.7AI score0.00891EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2018/10/30 9:29 p.m.21 views

CVE-2018-16467

A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares...

5.3CVSS6.8AI score
Exploits0References2
OSV
OSV
added 2018/10/30 9:29 p.m.16 views

CVE-2018-16463

A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares...

3.1CVSS6.8AI score
Exploits0References2
Cvelist
Cvelist
added 2018/10/30 9:0 p.m.25 views

CVE-2018-16466

Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by acess tokens...

8AI score0.00957EPSS
Exploits0References2
CVE
CVE
added 2018/10/30 9:0 p.m.59 views

CVE-2018-16463

CVE-2018-16463 describes a session-fixation bug in Nextcloud Server, affecting versions prior to 14.0.0, 13.0.3, and 12.0.8, which could allow an attacker to access password-protected shares. Core details provided indicate a vulnerability in Nextcloud Server’s session handling, with the public Ne...

3.6CVSS3.9AI score0.00545EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/10/30 9:0 p.m.26 views

CVE-2018-16467

A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares...

5.4AI score0.01068EPSS
Exploits1References2
Cvelist
Cvelist
added 2018/10/30 9:0 p.m.24 views

CVE-2018-16465

Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the the provider of the second factor failed to load...

5.3AI score0.00811EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2018/08/20 12:0 a.m.24 views

Nextcloud Server 'JSON Encoder' Security Bypass Vulnerability

Nextcloud Server is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.3CVSS5.3AI score0.01263EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2018/08/20 12:0 a.m.17 views

Nextcloud Server 'Autocomplete field' Stored XSS Vulnerability (NC-SA-2018-008)

Nextcloud Server is prone to a stored cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.4CVSS5.1AI score0.00769EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2018/08/20 12:0 a.m.35 views

Nextcloud Server Security Bypass Vulnerability (Aug 2018)

Nextcloud Server is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.8CVSS8.8AI score0.01234EPSS
Exploits0References1
CNVD
CNVD
added 2018/08/15 12:0 a.m.2 views

NextCloud Server Cross-Site Scripting Vulnerability (CNVD-2018-17647)

Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany.Nextcloud Server is one of the server version. A cross-site scripting vulnerability exists in versions of NextCloud Server prior to 13.0.5, which stems from the...

5.4CVSS5.1AI score0.00769EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/08/13 7:0 p.m.22 views

CVE-2018-3780

A missing sanitization of search results for an autocomplete field in NextCloud Server 13.0.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users...

5AI score0.00769EPSS
Exploits0References2
CNVD
CNVD
added 2018/08/13 12:0 a.m.3 views

Nextcloud Server Authorization Issues Vulnerability

Nextcloud is a client-server software suite for creating network hard disks. An authorization issue vulnerability exists in versions of Nextcloud Server prior to 12.0.3, which can be exploited by an attacker to obtain user credentials and bypass two-factor authentication...

8.8CVSS8.2AI score0.01234EPSS
Exploits0References1
CNVD
CNVD
added 2018/08/13 12:0 a.m.2 views

Nextcloud Server Improper Input Validation Vulnerability

Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany.Nextcloud Server is one of the server version. An input validation vulnerability exists in Nextcloud Server versions prior to 12.0.3 and 11.0.5, which can be exploite...

5.3CVSS5.3AI score0.01263EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2018/08/12 10:29 p.m.20 views

CVE-2018-3776

Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log...

5.3CVSS6.1AI score0.01263EPSS
Exploits0References3
NVD
NVD
added 2018/08/12 10:29 p.m.27 views

CVE-2018-3775

Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication...

8.8CVSS8.7AI score0.01234EPSS
Exploits0References2
Rows per page
Query Builder