[SECURITY] Fedora 33 Update: nextcloud-19.0.3-1.fc33

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing r ight on the web. NextCloud is extendable via a simple but powerful API...

Fedora: Security Advisory for nextcloud (FEDORA-2020-c9863904de)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Nextcloud Deck Information Disclosure Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Deck 1.0.4, which stems from a lack of access control and can be exploited by an attacker to view all attachments...

XSS through image upload of contacts using svg file (NC-SA-2020-045)

A missing file type check in Nextcloud Contacts 3.3.0 allowed a malicious user to upload malicious SVG files to perform XSS attacks...

Nextcloud Deck Access Control Error Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Deck version 0.8.0, which stems from a failure of proper access control and can be exploited by an attacker to...

Nextcloud Server Elevation of Privilege Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Server 19.0.0, which stems from a logic error resulting in an escalation of privileges that allows malicious user...

XSS through image upload on contacts using svg file with png extension (NC-SA-2020-044)

A missing file type check in Nextcloud Contacts 3.4.0 allowed a malicious user to upload SVG files as PNG files to perform XSS attacks...

Fedora 32 : nextcloud (2020-c9863904de)

Update to Nextcloud 18.0.9, fixes CVE-2020-81-39, CVE-2020-8173, CVE-2020-8183, CVE-2020-8223, CVE-2020-8154, CVE-2020-8155. Updating the Mail & Groupfolders apps from within Nextcloud also fixes CVE-2020-8153, CVE-2020-8156 Note that Tenable Network Security has extracted the preceding descripti...

[SECURITY] Fedora 32 Update: nextcloud-18.0.9-1.fc32

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing r ight on the web. NextCloud is extendable via a simple but powerful API...

PT-2020-20047 · Nextcloud +1 · Nextcloud Server +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Server version 19.0.1 Description: The issue arises from a misconfiguration in Nextcloud Server, where the user is incorrectly led to believe that passwordless WebAuthn also serves as two-factor verification. This misconception occu...

PT-2020-20067 · Nextcloud +1 · Nextcloud Server +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Server version 19.0.1 Description: The issue is related to insufficient protection of server-side encryption keys, allowing an attacker to replace these keys. Recommendations: For Nextcloud Server version 19.0.1, update to a version...

PT-2020-20000 · Nextcloud +1 · Nextcloud Server +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Server version 18.0.4 Description: A too small set of random characters being used for encryption allowed decryption in a shorter time than intended. Recommendations: For Nextcloud Server version 18.0.4, update to a version that use...

openSUSE Security Update : nextcloud (openSUSE-2020-1652)

This update for nextcloud fixes the following issues : nextcloud version 20.0.0 fix some security issues : - NC-SA-2020-037 PIN for passwordless WebAuthm is asked for but not verified - NC-SA-2020-033 CVE-2020-8228 Missing rate limit on signup page - NC-SA-2020-029 CVE-2020-8233, boo1177346...

openSUSE: Security Advisory for nextcloud (openSUSE-SU-2020:1652-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

OPENSUSE-SU-2020:1652-1 Security update for nextcloud

This update for nextcloud fixes the following issues: nextcloud version 20.0.0 fix some security issues: - NC-SA-2020-037 PIN for passwordless WebAuthm is asked for but not verified - NC-SA-2020-033 CVE-2020-8228 Missing rate limit on signup page - NC-SA-2020-029 CVE-2020-8233, boo1177346...

PT-2020-20008 · Nextcloud +2 · Nextcloud Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server version 19.0.0 Description: A logic error caused the plaintext storage of the share password when it was given on the initial create API call. Recommendations: For Nextcloud Server version 19.0.0, update to a version that fix...

Security update for nextcloud (moderate)

openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2020:1652-1 Rating: moderate References: 1171572 1171579 1177346 Cross-References: CVE-2020-8154 CVE-2020-8155 CVE-2020-8183 CVE-2020-8228 CVE-2020-8233 Affected Products: openSUSE Leap 15.2 openSUSE Leap 15.1...

Nextcloud: XSS through image upload of contacts using svg file with png extension

Hello again, this is a bypass 89487 basically use the same payload file but change the extension to PNG Impact XSS or Open redirect when viewing the image of a contact...

CVE-2020-8235

Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments...

CVE-2020-8223

A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves...