4969 matches found
PT-2021-19836 · Nextcloud · Nextcloud Android App
Name of the Vulnerable Software and Affected Versions: Nextcloud Android versions prior to 3.16.1 Description: The Nextcloud Android client has a timeout issue that may prevent it from properly cleaning sensitive data when an account is removed. This could include sensitive key material, such as...
Nextcloud Access Control Error Vulnerability (CNVD-2021-102889)
An access control error vulnerability exists in Nextcloud End-to-End Encryption, an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany, which stems from improper access restrictions. The vulnerability allows remote attackers to gain...
Nextcloud 资源管理错误漏洞
An access control error vulnerability exists in Nextcloud End-to-End Encryption, an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany, which stems from improper access restrictions. The vulnerability allows remote attackers to gain...
Nextcloud 信息泄露漏洞
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An information disclosure vulnerability exists in the Nextcloud Android App that stems from performing a shared search on a lookup server by default, which...
Deck 信息泄露漏洞
Deck is a Kanban style organization tool. Designed for personal planning and project organization for teams integrated with Nextcloud. An information disclosure vulnerability exists in Deck that stems from allowing shared searches to be performed on the lookup server by default. A remote attacker...
Nextcloud 信息泄露漏洞
Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An information disclosure vulnerability exists in the Nextcloud iOS App that originates from the default Nextcloud Server and iOS Client leaking shared searches to...
Unspecified Vulnerability in Nextcloud (CNVD-2021-39031)
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server that stems from a public link that can be added as a federated file share. An attacker could use this...
Unspecified vulnerability in Nextcloud (CNVD-2021-39033)
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server, which stems from the fact that when a sharing user opens the sharing panel and attempts to delete the...
Nextcloud Access Control Error Vulnerability (CNVD-2021-39029)
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An access control error vulnerability exists in Nextcloud Mail versions prior to 1.4.3, and prior to 1.8.2, which can be exploited by an authenticated attacke...
Nextcloud Resource Management Error Vulnerability
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A vulnerability exists in Nextcloud Resource Management Error Vulnerability. No detailed vulnerability details are provided at this time...
Unspecified vulnerability in Nextcloud (CNVD-2021-39032)
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server that can be exploited by an attacker to send a user ID to a lookup server when the user is not set to a...
Unspecified Vulnerability in Nextcloud (CNVD-2021-39030)
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server that can be exploited by an attacker to access basic information about a server user by accessing a public...
Nextcloud: Download of file with arbitrary extension via injection into attachment header
Description ----------- When downloading mail attachments, the app fails to properly escape quotes in the content disposition header. Because of this, an attacker can send a victim a file with a benign extension such as .txt or .png which when downloaded will be stored with a malicious extension...
Nextcloud: Bypass of privacy filter / tracking pixel blocker
Description ------------ When the mail app receives inline images, it will block them for privacy reasons to prevent tracking pixels The images have been blocked to protect your privacy. This block works correctly for most remote resources in addition to images, remote CSS files, iframes, and som...
Nextcloud Server Multiple Vulnerabilities (May 2021)
Nextcloud Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nextcloud:nextcloudserver"...
CVE-2021-32657
Nextcloud Server is a Nextcloud package that handles data storage. In versions of Nextcloud Server prior to 10.0.11, 20.0.10, and 21.0.2, a malicious user may be able to break the user administration page. This would disallow administrators to administrate users on the Nextcloud instance. The...
CVE-2021-32656
Nextcloud Server is a Nextcloud package that handles data storage. A vulnerability in federated share exists in versions prior to 19.0.11, 20.0.10, and 21.0.2. An attacker can gain access to basic information about users of a server by accessing a public link that a legitimate server user added a...
CVE-2021-32656
Nextcloud Server is a Nextcloud package that handles data storage. A vulnerability in federated share exists in versions prior to 19.0.11, 20.0.10, and 21.0.2. An attacker can gain access to basic information about users of a server by accessing a public link that a legitimate server user added a...
CVE-2021-32657
Nextcloud Server is a Nextcloud package that handles data storage. In versions of Nextcloud Server prior to 10.0.11, 20.0.10, and 21.0.2, a malicious user may be able to break the user administration page. This would disallow administrators to administrate users on the Nextcloud instance. The...
Spoofing
Nextcloud Server is a Nextcloud package that handles data storage. A vulnerability in federated share exists in versions prior to 19.0.11, 20.0.10, and 21.0.2. An attacker can gain access to basic information about users of a server by accessing a public link that a legitimate server user added a...