4969 matches found
CVE-2021-32802
Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews for user provided file content. For some image types, the Nextcloud server was invoking a third-party library that wasn't suited for untrusted user-supplied content. There are several...
CVE-2021-32800
Nextcloud server is an open source, self hosted personal cloud. In affected versions an attacker is able to bypass Two Factor Authentication in Nextcloud. Thus knowledge of a password, or access to a WebAuthN trusted device of a user was sufficient to gain access to an account. It is recommended...
CVE-2021-32802
Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews for user provided file content. For some image types, the Nextcloud server was invoking a third-party library that wasn't suited for untrusted user-supplied content. There are several...
CVE-2021-32801
Nextcloud server is an open source, self hosted personal cloud. In affected versions logging of exceptions may have resulted in logging potentially sensitive key material for the Nextcloud Encryption-at-Rest functionality. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4...
Code injection
Nextcloud server is an open source, self hosted personal cloud. In affected versions logging of exceptions may have resulted in logging potentially sensitive key material for the Nextcloud Encryption-at-Rest functionality. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4...
Design/Logic Flaw
Nextcloud server is an open source, self hosted personal cloud. In affected versions an attacker is able to bypass Two Factor Authentication in Nextcloud. Thus knowledge of a password, or access to a WebAuthN trusted device of a user was sufficient to gain access to an account. It is recommended...
Server side request forgery (ssrf)
Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews for user provided file content. For some image types, the Nextcloud server was invoking a third-party library that wasn't suited for untrusted user-supplied content. There are several...
CVE-2021-32802
CVE-2021-32802 affects Nextcloud Server where image-preview rendering calls a third-party library not suited for untrusted content, enabling issues such as SSRF, file disclosure, or potential code execution. Public details confirm Nextcloud versions 20.0.12, 21.0.4 and 22.1.0 no longer use the vu...
CVE-2021-32802 Preview generation used third-party library not suited for user-generated content in Nextcloud server
Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews for user provided file content. For some image types, the Nextcloud server was invoking a third-party library that wasn't suited for untrusted user-supplied content. There are several...
CVE-2021-32801
CVE-2021-32801 affects Nextcloud Server and concerns logging of potentially sensitive information in log files due to exception logging. The public records in OpenSUSE/GLSA summaries tie this CVE to Nextcloud Server components and indicate fixes were deployed in updated releases (Nextcloud 20.0.1...
CVE-2021-32801 Exceptions may have logged Encryption-at-Rest key content in Nextcloud server
Nextcloud server is an open source, self hosted personal cloud. In affected versions logging of exceptions may have resulted in logging potentially sensitive key material for the Nextcloud Encryption-at-Rest functionality. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4...
CVE-2021-32800 Bypass of Two Factor Authentication in Nextcloud server
Nextcloud server is an open source, self hosted personal cloud. In affected versions an attacker is able to bypass Two Factor Authentication in Nextcloud. Thus knowledge of a password, or access to a WebAuthN trusted device of a user was sufficient to gain access to an account. It is recommended...
CVE-2021-32800
CVE-2021-32800 affects Nextcloud Server where an attacker can bypass Two Factor Authentication, gaining access with only a password or access to a WebAuthn device. The vulnerability impacts Nextcloud Server in affected releases and is mitigated by upgrading to versions 20.0.12, 21.0.4, or 22.1.0 ...
CVE-2021-37628
Nextcloud Richdocuments is an open source collaborative office suite. In affected versions the File Drop features "Upload Only" public link shares in Nextcloud can be bypassed using the Nextcloud Richdocuments app. An attacker was able to read arbitrary files in such a share. It is recommended th...
CVE-2021-37629
Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. It is recommended that the Nextcloud Richdocuments app is...
CVE-2021-32766
Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. In affected versions the Nextcloud Text application returned different error messages depending on whether a folder existed in a public link share. This is problematic in case the public link sha...
CVE-2021-37628
Nextcloud Richdocuments is an open source collaborative office suite. In affected versions the File Drop features "Upload Only" public link shares in Nextcloud can be bypassed using the Nextcloud Richdocuments app. An attacker was able to read arbitrary files in such a share. It is recommended th...
CVE-2021-32766
Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. In affected versions the Nextcloud Text application returned different error messages depending on whether a folder existed in a public link share. This is problematic in case the public link sha...
CVE-2021-37629
Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. It is recommended that the Nextcloud Richdocuments app is...
Design/Logic Flaw
Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. In affected versions the Nextcloud Text application returned different error messages depending on whether a folder existed in a public link share. This is problematic in case the public link sha...