Lucene search
K

4993 matches found

CNVD
CNVD
added 2020/02/17 12:0 a.m.1 views

Nextcloud iOS Cross-Site Scripting Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A cross-site scripting vulnerability exists in Nextcloud iOS. The vulnerability stems from a lack of proper validation of client-side data by the web...

5.4CVSS6.4AI score0.00783EPSS
Exploits0References1
CNVD
CNVD
added 2020/02/17 12:0 a.m.4 views

Nextcloud Talk Authorization Issues Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud Talk is vulnerable to an authorization issue. The vulnerability stems from errors such as configuration during operation of a networked system or...

4CVSS6.5AI score0.00766EPSS
Exploits0References1
CNVD
CNVD
added 2020/02/17 12:0 a.m.2 views

Nextcloud Input Validation Error Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud is vulnerable to an input validation error. The vulnerability originates from a network system or product that does not properly validate incoming...

4.9CVSS6.9AI score0.01472EPSS
Exploits1References1
CNVD
CNVD
added 2020/02/17 12:0 a.m.3 views

Nextcloud Circles Authorization Issues Vulnerabilities

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An authorization issue vulnerability exists in Nextcloud Circles. The vulnerability stems from a lack of authentication measures or insufficient authenticatio...

4.3CVSS7.2AI score0.00831EPSS
Exploits0References1
CNVD
CNVD
added 2020/02/17 12:0 a.m.1 views

Nextcloud Server Access Control Error Vulnerability (CNVD-2020-12757)

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An Access Control Error vulnerability exists in Nextcloud Server. The vulnerability arises from a network system or product not properly restricting access to...

8.1CVSS6.9AI score0.01036EPSS
Exploits1References1
OPENSUSE Linux
OPENSUSE Linux
added 2020/02/17 12:0 a.m.89 views

Security update for nextcloud (moderate)

openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2020:0229-1 Rating: moderate References: 1162766 1162775 1162776 1162781 1162782 1162784 Cross-References: CVE-2019-15613 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 Affected Products...

8CVSS6.3AI score0.01924EPSS
Exploits3References6
OpenVAS
OpenVAS
added 2020/02/16 12:0 a.m.37 views

openSUSE: Security Advisory for nextcloud (openSUSE-SU-2020:0220-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8CVSS5.4AI score0.01924EPSS
Exploits3References2
OSV
OSV
added 2020/02/15 7:9 p.m.6 views

OPENSUSE-SU-2020:0220-1 Security update for nextcloud

This update for nextcloud fixes the following issues: Nextcloud was updated to 15.0.14: - NC-SA-2020-002, CVE-2019-15613: workflow rules to depend their behaviour on the file extension when checking file mimetypes boo1162766 - NC-SA-2019-016, CVE-2019-15623: Exposure of Private Information caused...

8CVSS7.7AI score0.01924EPSS
Exploits3References13
OPENSUSE Linux
OPENSUSE Linux
added 2020/02/15 12:0 a.m.105 views

Security update for nextcloud (moderate)

openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2020:0220-1 Rating: moderate References: 1162766 1162775 1162776 1162781 1162782 1162784 Cross-References: CVE-2019-15613 CVE-2019-15621 CVE-2019-15623 CVE-2019-15624 CVE-2020-8118 CVE-2020-8119 Affected Products...

8CVSS6.3AI score0.01924EPSS
Exploits3References6
Hacker One
Hacker One
added 2020/02/12 11:8 a.m.32 views

Nextcloud: nextcloud-snap CircleCI project has vulnerable configuration which can lead to exposing secrets

Summary: CircleCI allows projects to configure whether builds will run as a result of a pull request from a fork, and also whether these fork PRs have access to the secrets stored in the parent repo's CircleCI settings. When both settings are enabled, and the repo associated with the project allo...

6.7AI score
Exploits0
Hacker One
Hacker One
added 2020/02/11 12:14 p.m.119 views

Nextcloud: Email Spoofing

An SPF/DMARC record is a type of Domain Name Service DNS record that identifies which mail servers are permitted to send email on behalf of your domain. The purpose of an SPF/DMARC record is to prevent spammers from sending messages on the behalf of your organization. Remediation: Create a SPF...

2.2AI score
Exploits0
CNVD
CNVD
added 2020/02/11 12:0 a.m.2 views

Nextcloud server improper authorization vulnerability

Nextcloud is a client-server software suite for creating network hard disks. An improper authorization vulnerability exists in Nextcloud Server 17.0.0. An attacker can exploit the vulnerability to cause preview and file disclosure when opening a file to place a share link via the Gallery...

4.3CVSS6.7AI score0.00915EPSS
Exploits0References1
CNVD
CNVD
added 2020/02/11 12:0 a.m.2 views

Nextcloud Android SQL Injection Vulnerability

Nextcloud is a suite of client-server software for creating network drives.Nextcloud Android is the Nextcloud Android client. A security vulnerability exists in Nextcloud Android. The vulnerability stems from a lack of validation of externally entered SQL statements in database-based applications...

2.4CVSS7.7AI score0.00507EPSS
Exploits1References1
CNVD
CNVD
added 2020/02/11 12:0 a.m.2 views

Nextcloud Server Improper Privilege Retention Vulnerability

Nextcloud is a suite of client-server software for creating network hard disks. An improper privilege retention vulnerability exists in Nextcloud Server 14.0.3. An attacker could exploit the vulnerability to obtain event details when sharing non-public events...

4.3CVSS6.8AI score0.00714EPSS
Exploits0References1
CNVD
CNVD
added 2020/02/11 12:0 a.m.2 views

Nextcloud Server Improper Access Control Checking Vulnerability (CNVD-2020-05120)

Nextcloud is a client-server software suite for creating network hard disks. An improper share expiration date access control checking vulnerability exists in Nextcloud Server 14.0.3. A recipient could exploit the vulnerability to extend the expiration date of a share that it receives...

4.3CVSS6.8AI score0.00684EPSS
Exploits1References1
CNVD
CNVD
added 2020/02/11 12:0 a.m.3 views

Nextcloud server server-side request forgery vulnerability

Nextcloud is a client-server software suite for creating network hard disks. A server-side request forgery vulnerability exists in Nextcloud Server 16.0.1. An attacker could use this vulnerability to detect local and remote services when adding a new subscription in the Calendar application...

5CVSS6.7AI score0.01287EPSS
Exploits1References1
CNVD
CNVD
added 2020/02/11 12:0 a.m.2 views

Nextcloud Server Cross-Site Scripting Vulnerability (CNVD-2020-05114)

Nextcloud is a client-server software suite for creating network hard disks. A reflected cross-site scripting vulnerability exists in svg generation in Nextcloud Server 16.0.1. No detailed vulnerability details are provided at this time...

6.1CVSS6.2AI score0.00916EPSS
Exploits1References1
Nextcloud
Nextcloud
added 2020/02/07 12:0 a.m.33 views

Secure view shares can be downloaded by manipulating the URL (NC-SA-2020-015)

A missing access control check in Nextcloud Server 18.0.0 causes hide-download shares to be downloadable when appending /download to the URL...

4CVSS2.4AI score0.01536EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2020/02/07 12:0 a.m.17 views

Nextcloud Server < 13.0.9, < 14.0.5, < 15.0.1 Improper Authentication Vulnerability (NC-SA-2019-001)

Nextcloud Server is prone to an improper authentication vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

4.3CVSS4.8AI score0.00854EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2020/02/07 12:0 a.m.20 views

Nextcloud Server < 12.0.8, < 13.0.3 Improper Input Vulnerability (NC-SA-2018-003)

Nextcloud Server is prone to an improper input vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.1CVSS8AI score0.01657EPSS
Exploits0References1
Rows per page
Query Builder