Nextcloud Server < 12.0.13, < 13.0.8, < 14.0.4 Information Disclosure Vulnerability (NC-SA-2020-013)

Nextcloud Server is prone to an information disclosure vulnerability where event details are leaked when sharing a non-public calendar event. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

Nextcloud Server < 14.0.13, < 15.0.9, < 16.0.2 XSS Vulnerability (NC-SA-2019-018)

Nextcloud Server is prone to a cross-site scripting vulnerability in the svg logo generation. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only C...

Nextcloud Server < 14.0.13, < 15.0.9, < 16.0.2 Information Disclosure Vulnerability (NC-SA-2019-016)

Nextcloud Server is prone to an information disclosure vulnerability where User IDs and Nextcloud server are leaked to a Nextcloud Lookup server with disabled settings. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright...

Nextcloud Server < 15.0.14, < 16.0.7, < 17.0.2 File Mimetypes Vulnerability (NC-SA-2020-002)

Nextcloud Server is relying on the extension of externally-supplied files. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Nextcloud Server < 13.0.11, < 14.0.7, < 15.0.3 2FA Sessions Vulnerability (NC-SA-2020-001)

Nextcloud Server is prone to a vulnerability where 2FA sessions are not properly expired on a password change. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifie...

Nextcloud Server 16.x DNS Pollution Vulnerability (NC-SA-2020-005)

Nextcloud Server is prone to a DNS pollution vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Nextcloud Server < 14.0.13, < 15.0.9, < 16.0.2 Share Vulnerability (NC-SA-2020-012)

Nextcloud Server is prone to an improper permission preservation vulnerability on reshares. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...

Nextcloud Server < 14.0.9, 15.x < 15.0.6 XSS Vulnerability (NC-SA-2020-007)

Nextcloud Server is prone to a reflected cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Nextcloud Server < 16.0.4 XSS Vulnerability (NC-SA-2020-008)

Nextcloud Server is prone to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Nextcloud Server 17.0.0 2FA Vulnerability (NC-SA-2020-006)

Nextcloud Server is prone to a vulnerability where a duplicate setup of a second factor is allowed. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Nextcloud Server < 14.0.11, < 15.0.8 Input Validation Vulnerability (NC-SA-2019-015)

Nextcloud Server is prone to an input validation vulnerability where group admins can create users with IDs of system folders. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

CVE-2020-8120

A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation...

CVE-2020-8122

A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of a share they received...

CVE-2020-8121

A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer...

CVE-2020-8120

A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation...

CVE-2020-8121

A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer...

CVE-2020-8122

A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of a share they received...

CVE-2020-8118

An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application...

CVE-2020-8118

An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application...

CVE-2020-8119

Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app...