4969 matches found
CVE-2020-8279
Missing validation of server certificates for out-going connections in Nextcloud Social 0.4.0 allowed a man-in-the-middle attack...
Input validation
Missing validation of server certificates for out-going connections in Nextcloud Social 0.4.0 allowed a man-in-the-middle attack...
Improper access control
Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user...
CVE-2020-8278
CVE-2020-8278 corresponds to a vulnerability in the Nextcloud Social app (version 0.3.1) where improper access control allows reading posts of any user. The root cause is missing authentication/authorization checks in the Social app’s access flow (notably the displayPost path in the ActivityPubCo...
CVE-2020-8278
Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user...
CVE-2020-8279
Missing validation of server certificates for out-going connections in Nextcloud Social 0.4.0 allowed a man-in-the-middle attack...
CVE-2020-8279
CVE-2020-8279 concerns Nextcloud Social prior to version 0.4.0, where there is missing validation of server certificates for outbound connections. The root cause is that TLS peer verification could be disabled, enabling a man‑in‑the‑middle attack if an attacker could position themselves between t...
Nextcloud trust management issue vulnerability
Nextcloud is an open source, self-hosted file synchronization and sharing communication platform from Nextcloud, Germany. A trust management vulnerability exists in versions prior to Nextcloud Social 0.4.0, which stems from a failure to validate server credentials for...
Potential DDoS when posting long data into workflow validation rules (NC-SA-2021-001)
A missing input validation in Nextcloud Server 20.0.1 allowed users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules...
Stored XSS in markdown file with Nextcloud Talk using Internet Explorer (NC-SA-2021-002)
A missing link validation in Nextcloud Server 20.0.1 allowed to execute a stored XSS attack on Internet Explorer users by saving a javascript url in a Markdown...
Nextcloud Social app access control error vulnerability
Nextcloud Social app is a social application from Nextcloud, Germany. An access control error vulnerability exists in version 0.3.1 of the Nextcloud Social app. The vulnerability is related to the control system of the affected version not properly handling user access requests. There is...
CVE-2020-8259
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys...
CVE-2020-8152
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on...
CVE-2020-8152
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on...
CVE-2020-8259
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys...
Authorization
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on...
Authorization
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys...
CVE-2020-8259
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys...
CVE-2020-8259
Nextcloud Server 19.0.1 is affected by CVE-2020-8259 due to insufficient protection of server-side encryption keys, allowing an attacker to replace the encryption keys. Exploitation details are not provided in the connected docs; the issue is described as a vulnerability in the key protection mec...
CVE-2020-8152
CVE-2020-8152 affects Nextcloud Server 19.0.1 where server-side encryption keys are not adequately protected, enabling an attacker to replace the public key and later decrypt data. The vulnerability is described in Nextcloud advisory NC-SA-2020-040 and related disclosures; the issue concerns impr...