4969 matches found

CVE
added 2021/07/12 1:45 p.m., 154 views

CVE-2021-32688

Nextcloud Server tokens with application-scoped permissions could escalate their own privileges due to a missing permission check. In versions prior to 19.0.13, 20.0.11, and 21.0.3, these tokens could self-elevate and gain filesystem access. The issue is addressed in the patched releases 19.0.13,...

8.8 CVSS, 8.6 AI score, 0.02309 EPSS
Exploits 0, References 6, Affected Software 1

Cvelist
added 2021/07/12 1:45 p.m., 18 views

CVE-2021-32688 Application specific tokens can change their own scope

Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server supports application-specific tokens for authentication purposes. These tokens are supposed to be granted to specific applications, e.g. DAV sync clients, and can also be configured by the user to not have any...

8.8 CVSS, 9.4 AI score, 0.02309 EPSS
Exploits 0, References 6

Cvelist
added 2021/07/12 1:25 p.m., 19 views

CVE-2021-32680 Audit log is not properly logging unsetting of share expiration date

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, Nextcloud Server audit logging functionality wasn't properly logging events for the unsetting of a share expiration date. This event is supposed to be logged. This issue is patche...

3.3 CVSS, 6.5 AI score, 0.00355 EPSS
Exploits 0, References 6

CVE
added 2021/07/12 1:25 p.m., 155 views

CVE-2021-32680

CVE-2021-32680 concerns Nextcloud Server: audit logging failed to log the unsetting of a share expiration date in versions prior to 19.0.13, 20.0.11, and 21.0.3. The issue is addressed in those patched versions (19.0.13, 20.0.11, 21.0.3). The provided documents describe the vulnerability as an au...

3.3 CVSS, 4.8 AI score, 0.00355 EPSS
Exploits 0, References 6, Affected Software 1

OSV
added 2021/07/12 1:15 p.m., 19 views

CVE-2021-32679

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, filenames were not escaped by default in controllers using DownloadResponse. When a user-supplied filename was passed unsanitized into a DownloadResponse, this could be used to...

8.8 CVSS, 6.4 AI score
Exploits 0, References 6

NVD
added 2021/07/12 1:15 p.m., 17 views

CVE-2021-32679

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, filenames were not escaped by default in controllers using DownloadResponse. When a user-supplied filename was passed unsanitized into a DownloadResponse, this could be used to...

8.8 CVSS, 0.0137 EPSS
Exploits 0, References 6

OSV
added 2021/07/12 1:15 p.m., 22 views

CVE-2021-32678

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, ratelimits are not applied to OCS API responses. This affects any OCS API controller OCSController using the @BruteForceProtection annotation. Risk depends on the installed...

5.3 CVSS, 6.7 AI score
Exploits 0, References 6

NVD
added 2021/07/12 1:15 p.m., 16 views

CVE-2021-32678

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, ratelimits are not applied to OCS API responses. This affects any OCS API controller OCSController using the @BruteForceProtection annotation. Risk depends on the installed...

5.3 CVSS, 0.01374 EPSS
Exploits 0, References 6

Prion
added 2021/07/12 1:15 p.m., 21 views

Privilege escalation

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, filenames were not escaped by default in controllers using DownloadResponse. When a user-supplied filename was passed unsanitized into a DownloadResponse, this could be used to...

6.8 CVSS, 8.4 AI score, 0.0137 EPSS
Exploits 0, References 6, Affected Software 2

Prion
added 2021/07/12 1:15 p.m., 19 views

Authentication flaw

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, ratelimits are not applied to OCS API responses. This affects any OCS API controller OCSController using the @BruteForceProtection annotation. Risk depends on the installed...

5 CVSS, 6.7 AI score, 0.01374 EPSS
Exploits 0, References 6, Affected Software 2

Cvelist
added 2021/07/12 12:50 p.m., 28 views

CVE-2021-32679 Filenames not escaped by default in controllers using DownloadResponse

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, filenames were not escaped by default in controllers using DownloadResponse. When a user-supplied filename was passed unsanitized into a DownloadResponse, this could be used to...

3.5 CVSS, 9.2 AI score, 0.0137 EPSS
Exploits 0, References 6

CVE
added 2021/07/12 12:50 p.m., 160 views

CVE-2021-32679

CVE-2021-32679: In Nextcloud Server, filenames were not escaped by default in controllers using DownloadResponse prior to versions 19.0.13, 20.0.11, and 21.0.3. A user-supplied filename passed unsanitized could cause a downloaded file to have a benign extension while the content is executable, p...

8.8 CVSS, 5.8 AI score, 0.0137 EPSS
Exploits 0, References 6, Affected Software 1

CVE
added 2021/07/12 12:25 p.m., 179 views

CVE-2021-32678

Nextcloud Server vulnerability CVE-2021-32678 concerns missing rate limiting on OCS API responses for controllers using BruteForceProtection (OCSController). Affected versions before the patches allow bypassing authentication rate limits or spamming users, with risk depending on installed apps. T...

5.3 CVSS, 5 AI score, 0.01374 EPSS
Exploits 0, References 6, Affected Software 1

Cvelist
added 2021/07/12 12:25 p.m., 18 views

CVE-2021-32678 Ratelimit not applied on OCS API responses

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, ratelimits are not applied to OCS API responses. This affects any OCS API controller OCSController using the @BruteForceProtection annotation. Risk depends on the installed...

3.7 CVSS, 7.5 AI score, 0.01374 EPSS
Exploits 0, References 6

Nextcloud
added 2021/07/12 9:26 a.m., 23 views

End-to-end encryption device setup did not verify public key

None...

7.5 CVSS, 7.4 AI score, 0.00732 EPSS
Exploits 0, References 2, Affected Software 1

Nextcloud
added 2021/07/12 9:24 a.m., 23 views

Lack of ratelimit on public share link mount endpoint

None...

5.3 CVSS, 5.4 AI score, 0.01322 EPSS
Exploits 0, References 2, Affected Software 1

Nextcloud
added 2021/07/12 9:23 a.m., 29 views

File path disclosure of shared files in Nextcloud Text application

None...

5.3 CVSS, 5.4 AI score, 0.01381 EPSS
Exploits 0, References 2, Affected Software 1

Nextcloud
added 2021/07/12 9:23 a.m., 30 views

XSS in Nextcloud Text application

None...

6.1 CVSS, 6 AI score, 0.01106 EPSS
Exploits 0, References 2, Affected Software 1

Nextcloud
added 2021/07/12 9:22 a.m., 35 views

Webauthn tokens not removed after user has been deleted

None...

9.8 CVSS, 8.6 AI score, 0.01779 EPSS
Exploits 0, References 2, Affected Software 1

Nextcloud
added 2021/07/12 9:22 a.m., 113 views

Default share permissions not respected for federated reshares

None...

5.3 CVSS, 5.5 AI score, 0.01213 EPSS
Exploits 0, References 2, Affected Software 1