4969 matches found
CVE-2020-8295
A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a user...
CVE-2020-8293
A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules...
Design/Logic Flaw
A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a user...
Input validation
A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules...
CVE-2020-8295
CVE-2020-8295 is a Denial of Service vulnerability in Nextcloud Server (affecting Nextcloud Server 19 and earlier) caused by a wrong check when resetting a user password. Connected advisories confirm the issue is addressed by upgrading Nextcloud to newer releases (notably 19.0.13, 20.0.11, or 21....
CVE-2020-8293
CVE-2020-8293: A missing input validation in Nextcloud Server allowed users to store unlimited data in workflow rules, causing load and potential DDoS on subsequent interactions. Affected versions were 18.0.x, 19.0.x, and 20.0.x prior to fixes. Connected updates show Nextcloud releases addressing...
PT-2021-12722 · Nextcloud +2 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 20.0.2; Nextcloud Server versions prior to 19.0.5; Nextcloud Server versions prior to 18.0.11. Description: A missing input validation in Nextcloud Server allows users to store unlimited data in workflow rules,...
Nextcloud Resource Management Error Vulnerability
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server. The vulnerability stems from the program's lack of input validation, which prevents users from storing...
Nextcloud Resource Management Error Vulnerability
Nextcloud is a set of client-server software for creating file hosting services and using them. Nextcloud Server is the server software. A denial of service vulnerability exists in Nextcloud Server 19 and earlier versions. The vulnerability stems from a checking error. An attacker could exploit th...
Reflected XSS when renaming malicious file (NC-SA-2021-005)
Missing sanitization in Nextcloud Server 20.0.5 and prior allowed to perform a reflected XSS when saving HTML as a file name and causing an error on rename, e.g. by renaming to an existing file. The risk is mostly mitigated due to the strict Content-Security-Policy (CSP) of Nextcloud, and thus mainly...
External storage credentials stored for wrong user (NC-SA-2021-004)
A missing user check in Nextcloud 20.0.5 and prior allowed to populate your own credentials for other users external storage configuration when they did not configure one yet...
Nextcloud: [nextcloud.com] Control character allowed in Submit Question
Issue descriptions We found that the maximum length of the first and last name fields was not set to 32 characters at registration and to 1000 characters when using the profile update form. The attacker can use this method as a malware attack, the user will redirect to a website that contains...
Nextcloud: Nextcloud Desktop Client RCE via malicious URI schemes
Nextcloud Desktop utilizes Qt's QDesktopServices::openUrl to open URLs. This function invokes the OS'/Desktop environment's default application to handle the URI scheme and file extension. During the Nextcloud Add Account flow, the server's login website is opened within a native window/WebView...
Nextcloud Contacts Cross-Site Scripting Vulnerability (CNVD-2021-03031)
Nextcloud Contacts is the user interface for Nextcloud's CardDAV server. A cross-site scripting vulnerability exists in Nextcloud Contacts 3.4.0. The vulnerability stems from a missing file type check. The vulnerability can be exploited to conduct cross-site scripting attacks by uploading SVG fil...
Nextcloud Contacts Cross-Site Scripting Vulnerability (CNVD-2021-03032)
Nextcloud Contacts is the user interface for Nextcloud's CardDAV server. A cross-site scripting vulnerability exists in Nextcloud Contacts 3.3.0. The vulnerability stems from a missing file type check. An attacker can exploit this vulnerability by uploading a malicious SVG file to conduct a...
CVE-2020-8281
A missing file type check in Nextcloud Contacts 3.3.0 allows a malicious user to upload malicious SVG files to perform cross-site scripting (XSS) attacks...
CVE-2020-8280
A missing file type check in Nextcloud Contacts 3.4.0 allows a malicious user to upload SVG files as PNG files to perform cross-site scripting (XSS) attacks...