4993 matches found
CVE-2021-37617
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. The Nextcloud Desktop Client invokes its uninstaller script when being installed to make sure there are no remnants of previous installations. In versions 3.0.3 through 3.2.4, the Client searches th...
CVE-2021-39225
Nextcloud is an open-source, self-hosted productivity platform. A missing permission check in Nextcloud Deck before 1.2.9, 1.4.5 and 1.5.3 allows another authenticated users to access Deck cards of another user. It is recommended that the Nextcloud Deck App is upgraded to 1.2.9, 1.4.5 or 1.5.3...
CVE-2022-31132
Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path ./vendor/cerdic/css-tidy/cssoptimiser.php. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery SSRF. It is recommendet t...
CVE-2024-52508
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account with an email address like [email protected] that does not support auto configuration, and an attacker managed to register autoconfig.tld, the used email details would ...
Nextcloud: Sensitive Information Disclosure via Back Button Post Logout on https://apps.nextcloud.com/account/
A cache control vulnerability was identified on the https://apps.nextcloud.com/account/ page. After logging out, sensitive information such as the user's first name, last name, and email address remained accessible by using the browser's back button. This occurred due to improper caching of...
Nextcloud: Blind SSRF Vulnerability in Appstore Release Upload Form
Vulnerability description not provided...
PT-2025-49298
Name of the Vulnerable Software and Affected Versions Nextcloud Desktop versions prior to 3.16.5 Description Nextcloud Desktop is a desktop sync client for Nextcloud. Before version 3.16.5, the file path was transmitted unencrypted when attempting to manually lock a file within an end-to-end...
Nextcloud: [nextcloud/mail] Blind SSRF to Internal Network via "List-Unsubscribe" SMTP Header when allow_local_remote_servers is allowed
Vulnerability description not provided...
Nextcloud: admin_audit does not log actions on files in a group folder
The adminaudit app in Nextcloud versions prior to 24.0.4 did not log actions on files in a group folder...
The vulnerability of NextCloud Mail’s email client, related to improper access control, allows attackers to disclose protected information.
The vulnerability of NextCloud Mail’s email client stems from insufficient access control. Exploiting this vulnerability allows a malicious actor to disclose protected information from a remote location...
The vulnerability of NextCloud Mail’s email client allows unauthorized individuals to disclose confidential information, enabling attackers to expose protected data.
The vulnerability of NextCloud Mail’s email client stems from improper automatic configuration. Exploiting this vulnerability allows a malicious actor to disclose protected information remotely...
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the insufficient protection of sensitive data, allowing attackers to influence privacy issues.
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow attackers to influence the confidentiality of sensitive information...
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the insufficient protection of sensitive data, allowing attackers to influence privacy issues.
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow attackers to influence the confidentiality of sensitive information...
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the authentication procedures’ deficiencies, which allow attackers to disclose protected information.
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose protected information...
The vulnerability of cloud software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the insecure management of privileges, which allows attackers to disclose protected information.
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the insecure management of privileges. Exploiting this vulnerability can allow a malicious actor, operating remotely, to expose protected information...
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the use of a reversible one-way hash function. This allows attackers to make background tasks effective.
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the use of a reversible one-way hash function. Exploiting this vulnerability allows a malicious actor to make a background task effective...
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the lack of security measures for website structures, allowing attackers to trigger service failures.
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server is related to the lack of protective measures for the website structure. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the storage of sensitive information in unencrypted form, allowing attackers to gain access to confidential data.
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the storage of passwords in an unencrypted form during session data. Exploiting this vulnerability can allow attackers to gain access to confidential information...
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server allows attackers to gain unauthorized access to protected information, thereby enabling them to compromise the security of these systems.
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server relates to the insecure storage of confidential information. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
ROS-20241203-07
Nextcloud mail client vulnerability is related to incorrect automatic configuration. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality Nextcloud mail client vulnerability is related to insufficient access control. Exploitation of the...