Nextcloud: New users can read all Nextcloud Deck data from previous user with same username
First of all: Sorry, I know there is no scope "Deck" but both Joas and Jus pointed me to HackerOne to report this security issue. 1. As an administrator create Nextcloud account "test" 2. Log in as "test" 3. Go to Deck app and create some boards, stacks and cards with personal or confidential...
openSUSE: Security Advisory for nextcloud (openSUSE-SU-2020:0670-1)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2020:0670-1 Security update for nextcloud
This update for nextcloud to 18.0.4 fixes the following issues: Security issues fixed: - CVE-2020-8154: Fixed an XSS vulnerability when opening malicious PDFs (NC-SA-2020-018, boo#1171579). - CVE-2020-8155: Fixed a direct object reference vulnerability that allowed attackers to remotely wipe devices ...
Security update for nextcloud (moderate)
openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2020:0670-1 Rating: moderate References: 1171572 1171579 Cross-References: CVE-2020-8154 CVE-2020-8155 Affected Products: openSUSE Leap 15.1 An update that fixes two vulnerabilities is now available. Description:...
OPENSUSE-SU-2020:0668-1 Security update for nextcloud
This update for nextcloud to 18.0.4 fixes the following issues: Security issues fixed: - CVE-2020-8154: Fixed an XSS vulnerability when opening malicious PDFs (NC-SA-2020-018, boo#1171579). - CVE-2020-8155: Fixed a direct object reference vulnerability that allowed attackers to remotely wipe devices ...
OPENSUSE-SU-2020:0667-1 Security update for nextcloud
This update for nextcloud to 18.0.4 fixes the following issues: Security issues fixed: - CVE-2020-8154: Fixed an XSS vulnerability when opening malicious PDFs (NC-SA-2020-018, boo#1171579). - CVE-2020-8155: Fixed a direct object reference vulnerability that allowed attackers to remotely wipe devices ...
Security update for nextcloud (moderate)
openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2020:0668-1 Rating: moderate References: 1171572 1171579 Cross-References: CVE-2020-8154 CVE-2020-8155 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes two vulnerabilities is now available...
Security update for nextcloud (moderate)
openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2020:0667-1 Rating: moderate References: 1084320 1171572 1171579 Cross-References: CVE-2020-8154 CVE-2020-8155 Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12 An update that solves two...
Improper access control allows injecting tasks into other users' decks (NC-SA-2020-022)
Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users' decks...
Nextcloud Server Cross-Site Scripting Vulnerability (CNVD-2021-28008)
Nextcloud is an open-source, self-hosted file synchronization, sharing, and communication platform from Nextcloud, Germany. A cross-site scripting vulnerability exists in the Files PDF viewer in Nextcloud Server versions prior to 18.0.3. The vulnerability stems from a lack of prope...
Nextcloud Mail Trust Management Issue Vulnerability
Nextcloud is an open-source, self-hosted file synchronization, sharing, and communication platform from Nextcloud, Germany. A trust management issue vulnerability exists in Nextcloud Mail version 1.1.3, which stems from a lack of authentication to a TLS host. An attacker could...
Nextcloud Server Insecure Direct Object Reference Vulnerability
Nextcloud is an open-source, self-hosted file synchronization, sharing, and communication platform from Nextcloud, Germany. An insecure direct object reference vulnerability exists in Nextcloud Server version 18.0.2. The vulnerability stems from the program's failure to perform...
Nextcloud Server 18.x < 18.0.3 XSS Vulnerability (NC-SA-2020-019)
Nextcloud Server is prone to a cross-site scripting vulnerability in the Files PDF viewer. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE ...
Nextcloud Server 17.x < 17.0.5, 18.x < 18.0.3 Insecure Direct Object Reference Vulnerability (NC-SA-2020-018)
Nextcloud Server is prone to an insecure direct object reference vulnerability due to a missing ownership check on remote wipe endpoint. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right...
CVE-2020-8155
An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF...
CVE-2020-8154
An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint...
CVE-2020-8156
A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack...