4969 matches found

Cvelist
added 2021/07/12 7:5 p.m. | 26 views

CVE-2021-32707 Bypass of image blocking in Nextcloud Mail

Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a background-image CSS attribute. Note that the images were still passed...

4.3 CVSS | 4.8 AI score | 0.01146 EPSS
Exploits 1 | References 3

CVE
added 2021/07/12 6:45 p.m. | 55 views

CVE-2021-32689

Nextcloud Talk suffered a vulnerability in versions prior to 11.2.2 where a user could reuse an earlier username and gain access to chat messages sent to that previous user. The issue is described as allowing access to messages associated with the reused username, with patches released in Nextclo...

8.1 CVSS | 6.6 AI score | 0.01 EPSS
Exploits 0 | References 5 | Affected Software 1

Cvelist
added 2021/07/12 6:45 p.m. | 22 views

CVE-2021-32689 Nextcloud Talk not properly disassociating users from chats after account deletion

Nextcloud Talk is a fully on-premises audio/video and chat communication service. In versions prior to 11.2.2, if a user was able to reuse an earlier used username, they could get access to any chat message sent to the previous user with this username. The issue was patched in versions 11.2.2 and...

8.1 CVSS | 8.1 AI score | 0.01 EPSS
Exploits 0 | References 5

Hacker One
added 2021/07/12 5:52 p.m. | 18 views

Nextcloud: Missing brute force protection on OAuth2 API controller

Vulnerability description not provided...

5.8 CVSS | 5.6 AI score | 0.00577 EPSS
Exploits 0

OSV
added 2021/07/12 4:15 p.m. | 19 views

CVE-2021-32705

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, there was a lack of ratelimiting on the public DAV endpoint. This may have allowed an attacker to enumerate potentially valid share tokens or credentials. The issue was fixed in...

7.5 CVSS | 6.5 AI score
Exploits 0 | References 6

OSV
added 2021/07/12 4:15 p.m. | 23 views

CVE-2021-32703

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, there was a lack of ratelimiting on the shareinfo endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19.0.13,...

5.3 CVSS | 6.4 AI score
Exploits 0 | References 6

NVD
added 2021/07/12 4:15 p.m. | 12 views

CVE-2021-32705

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, there was a lack of ratelimiting on the public DAV endpoint. This may have allowed an attacker to enumerate potentially valid share tokens or credentials. The issue was fixed in...

7.5 CVSS | 0.01702 EPSS
Exploits 0 | References 6

NVD
added 2021/07/12 4:15 p.m. | 14 views

CVE-2021-32703

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, there was a lack of ratelimiting on the shareinfo endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19.0.13,...

5.3 CVSS | 0.01512 EPSS
Exploits 0 | References 6

Prion
added 2021/07/12 4:15 p.m. | 21 views

Code injection

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, there was a lack of ratelimiting on the shareinfo endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19.0.13,...

5 CVSS | 6.5 AI score | 0.01512 EPSS
Exploits 0 | References 6 | Affected Software 2

Prion
added 2021/07/12 4:15 p.m. | 19 views

Command injection

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, there was a lack of ratelimiting on the public DAV endpoint. This may have allowed an attacker to enumerate potentially valid share tokens or credentials. The issue was fixed in...

5 CVSS | 7.8 AI score | 0.01702 EPSS
Exploits 0 | References 6 | Affected Software 2

Cvelist
added 2021/07/12 3:30 p.m. | 25 views

CVE-2021-32705 Lack of ratelimit on public DAV endpoint

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, there was a lack of ratelimiting on the public DAV endpoint. This may have allowed an attacker to enumerate potentially valid share tokens or credentials. The issue was fixed in...

5.3 CVSS | 8.6 AI score | 0.01702 EPSS
Exploits 0 | References 6

CVE
added 2021/07/12 3:30 p.m. | 154 views

CVE-2021-32705

CVE-2021-32705 affects Nextcloud Server: prior to versions 19.0.13, 20.0.11, and 21.0.3 there was no ratelimit on the public DAV endpoint, which could allow an attacker to enumerate potentially valid share tokens or credentials. The issue is fixed in 19.0.13, 20.0.11, and 21.0.3. Impact described...

7.5 CVSS | 6.2 AI score | 0.01702 EPSS
Exploits 0 | References 6 | Affected Software 1

CVE
added 2021/07/12 3:25 p.m. | 150 views

CVE-2021-32703

Nextcloud Server CVE-2021-32703: The vulnerability is due to a lack of ratelimiting on the shareinfo endpoint, which could allow an attacker to enumerate potentially valid share tokens. Affected versions prior to 19.0.13, 20.0.11, and 21.0.3 are fixed in those respective versions. Remediation is ...

5.3 CVSS | 5.8 AI score | 0.01512 EPSS
Exploits 0 | References 6 | Affected Software 1

Cvelist
added 2021/07/12 3:25 p.m. | 18 views

CVE-2021-32703 Lack of ratelimit on shareinfo endpoint

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, there was a lack of ratelimiting on the shareinfo endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19.0.13,...

5.3 CVSS | 7.2 AI score | 0.01512 EPSS
Exploits 0 | References 6

OSV
added 2021/07/12 2:15 p.m. | 15 views

CVE-2021-32680

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, Nextcloud Server audit logging functionality wasn't properly logging events for the unsetting of a share expiration date. This event is supposed to be logged. This issue is patche...

3.3 CVSS | 6.5 AI score
Exploits 0 | References 6

OSV
added 2021/07/12 2:15 p.m. | 21 views

CVE-2021-32688

Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server supports application specific tokens for authentication purposes. These tokens are supposed to be granted to specific applications, e.g. DAV sync clients, and can also be configured by the user to not have any...

8.8 CVSS | 6.7 AI score
Exploits 0 | References 6

NVD
added 2021/07/12 2:15 p.m. | 9 views

CVE-2021-32688

Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server supports application specific tokens for authentication purposes. These tokens are supposed to be granted to specific applications, e.g. DAV sync clients, and can also be configured by the user to not have any...

8.8 CVSS | 0.02309 EPSS
Exploits 0 | References 6

NVD
added 2021/07/12 2:15 p.m. | 16 views

CVE-2021-32680

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, Nextcloud Server audit logging functionality wasn't properly logging events for the unsetting of a share expiration date. This event is supposed to be logged. This issue is patche...

3.3 CVSS | 0.00355 EPSS
Exploits 0 | References 6

Prion
added 2021/07/12 2:15 p.m. | 15 views

Code injection

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, Nextcloud Server audit logging functionality wasn't properly logging events for the unsetting of a share expiration date. This event is supposed to be logged. This issue is patche...

2.1 CVSS | 5.7 AI score | 0.00355 EPSS
Exploits 0 | References 6 | Affected Software 2

Prion
added 2021/07/12 2:15 p.m. | 18 views

Authentication flaw

Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server supports application specific tokens for authentication purposes. These tokens are supposed to be granted to specific applications, e.g. DAV sync clients, and can also be configured by the user to not have any...

7.5 CVSS | 8.6 AI score | 0.02309 EPSS
Exploits 0 | References 6 | Affected Software 2