4993 matches found
Nextcloud iOS Cross-Site Scripting Vulnerability
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A cross-site scripting vulnerability exists in Nextcloud iOS. The vulnerability stems from a lack of proper validation of client-side data by the web...
Nextcloud Talk Authorization Issues Vulnerability
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud Talk is vulnerable to an authorization issue. The vulnerability stems from errors such as configuration during operation of a networked system or...
Nextcloud Input Validation Error Vulnerability
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud is vulnerable to an input validation error. The vulnerability originates from a network system or product that does not properly validate incoming...
Nextcloud Circles Authorization Issues Vulnerabilities
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An authorization issue vulnerability exists in Nextcloud Circles. The vulnerability stems from a lack of authentication measures or insufficient authenticatio...
Nextcloud Server Access Control Error Vulnerability (CNVD-2020-12757)
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An Access Control Error vulnerability exists in Nextcloud Server. The vulnerability arises from a network system or product not properly restricting access to...
Security update for nextcloud (moderate)
openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2020:0229-1 Rating: moderate References: 1162766 1162775 1162776 1162781 1162782 1162784 Cross-References: CVE-2019-15613 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 Affected Products...
openSUSE: Security Advisory for nextcloud (openSUSE-SU-2020:0220-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2020:0220-1 Security update for nextcloud
This update for nextcloud fixes the following issues: Nextcloud was updated to 15.0.14: - NC-SA-2020-002, CVE-2019-15613: workflow rules to depend their behaviour on the file extension when checking file mimetypes boo1162766 - NC-SA-2019-016, CVE-2019-15623: Exposure of Private Information caused...
Security update for nextcloud (moderate)
openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2020:0220-1 Rating: moderate References: 1162766 1162775 1162776 1162781 1162782 1162784 Cross-References: CVE-2019-15613 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 Affected Products...
Nextcloud: nextcloud-snap CircleCI project has vulnerable configuration which can lead to exposing secrets
Summary: CircleCI allows projects to configure whether builds will run as a result of a pull request from a fork, and also whether these fork PRs have access to the secrets stored in the parent repo's CircleCI settings. When both settings are enabled, and the repo associated with the project allo...
Nextcloud: Email Spoofing
An SPF/DMARC record is a type of Domain Name Service DNS record that identifies which mail servers are permitted to send email on behalf of your domain. The purpose of an SPF/DMARC record is to prevent spammers from sending messages on the behalf of your organization. Remediation: Create a SPF...
Nextcloud server improper authorization vulnerability
Nextcloud is a client-server software suite for creating network hard disks. An improper authorization vulnerability exists in Nextcloud Server 17.0.0. An attacker can exploit the vulnerability to cause preview and file disclosure when opening a file to place a share link via the Gallery...
Nextcloud Android SQL Injection Vulnerability
Nextcloud is a suite of client-server software for creating network drives.Nextcloud Android is the Nextcloud Android client. A security vulnerability exists in Nextcloud Android. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications...
Nextcloud Server Improper Privilege Retention Vulnerability
Nextcloud is a suite of client-server software for creating network hard disks. An improper privilege retention vulnerability exists in Nextcloud Server 14.0.3. An attacker could exploit the vulnerability to obtain event details when sharing non-public events...
Nextcloud Server Improper Access Control Checking Vulnerability (CNVD-2020-05120)
Nextcloud is a client-server software suite for creating network hard disks. An improper share expiration date access control checking vulnerability exists in Nextcloud Server 14.0.3. A recipient could exploit the vulnerability to extend the expiration date of a share that it receives...
Nextcloud server server-side request forgery vulnerability
Nextcloud is a client-server software suite for creating network hard disks. A server-side request forgery vulnerability exists in Nextcloud Server 16.0.1. An attacker could use this vulnerability to detect local and remote services when adding a new subscription in the Calendar application...
Nextcloud Server Cross-Site Scripting Vulnerability (CNVD-2020-05114)
Nextcloud is a client-server software suite for creating network hard disks. A reflected cross-site scripting vulnerability exists in svg generation in Nextcloud Server 16.0.1. No detailed vulnerability details are provided at this time...
Secure view shares can be downloaded by manipulating the URL (NC-SA-2020-015)
A missing access control check in Nextcloud Server 18.0.0 causes hide-download shares to be downloadable when appending /download to the URL...
Nextcloud Server < 13.0.9, < 14.0.5, < 15.0.1 Improper Authentication Vulnerability (NC-SA-2019-001)
Nextcloud Server is prone to an improper authentication vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Nextcloud Server < 12.0.8, < 13.0.3 Improper Input Vulnerability (NC-SA-2018-003)
Nextcloud Server is prone to an improper input vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...