CVE-2020-8223
A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves...
CVE-2020-8235
Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments...
CVE-2020-8182
Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves...
Improper access control
Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves...
Privilege escalation
A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves...
Improper access control
Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments...
CVE-2020-8182
CVE-2020-8182 affects Nextcloud Deck 0.8.0. Root cause: improper access control that permits a user to reshare boards shared with them with greater permissions than they possess. Documents describe a missing server-side check on per-user sharing permissions, enabling an attacker to alter access (...
CVE-2020-8223
CVE-2020-8223 affects Nextcloud Server 19.0.0 and is described as a logic error enabling privilege escalation by reshare with higher permissions than the attacker’s own. Fedora advisories show a fix in Nextcloud 19.0.3 (NC-SA-2020-029), and OpenVAS/NVD entries corroborate the CVE, but exploitatio...
CVE-2020-8235
CVE-2020-8235 affects Nextcloud Deck 1.0.4, where missing access control enables an insecure direct object reference to view all attachments. Root cause: inadequate access checks when accessing attachments from the Deck task view, leading to exposure of user-owned files. Public references in the ...
Nextcloud: No rate limiting for confirmation email lead to huge Mass mailings
Issue Description: No rate limit means there is no mechanism to protect against the requests you made in a short frame of time. If the repetition doesn't give any error after 50, 100, 1000 repetitions then there will be no rate limit set. vulnerable has registered in 297359 774050 922470 URL Effect...
Improper integrity protection of server-side encryption keys (NC-SA-2020-041)
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys...
Denial of Service by requesting to reset a password (NC-SA-2021-003)
A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a user...
Improper confidentiality protection of server-side encryption keys (NC-SA-2020-040)
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on...
Nextcloud Desktop Client Sensitive Information Plaintext Storage Vulnerability
Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication applications from Nextcloud Germany. Nextcloud Desktop Client is a desktop client application for Nextcloud. A vulnerability exists in Nextcloud Desktop Client version 2.6.4 in which sensitive informati...
FreeBSD : Nextcloud -- Password share by mail not hashed (eeec4e6f-fa71-11ea-9bb7-d4c9ef517024)
The Nextcloud project reports: NC-SA-2020-026 (low): Password of share by mail is not hashed when given on the create share call. A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call.
CVE-2020-8225
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials...