Lucene search
K

4993 matches found

Cvelist
Cvelist
added 2020/02/04 7:8 p.m.18 views

CVE-2019-15612

A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the password of the user is reset...

5.7AI score0.0032EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/02/04 7:8 p.m.27 views

CVE-2019-15611

Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications...

4.9AI score0.01081EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/02/04 7:8 p.m.34 views

CVE-2019-15617

A missing check in Nextcloud Server 17.0.0 allowed an attacker to set up a new second factor when trying to login...

5.3AI score0.00607EPSS
Exploits0References2
CVE
CVE
added 2020/02/04 7:8 p.m.66 views

CVE-2019-15622

The CVE-2019-15622 issue affects the Nextcloud Android app (3.6.0) where insufficient sanitization in the FileContentProvider allows bypassing query restrictions and exposing data from protected tables (e.g., filelist.db). The root cause is improper validation/restriction of SQL queries, enabling...

2.4CVSS3.5AI score0.00507EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/02/04 7:8 p.m.29 views

CVE-2019-15623

Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled...

6.3AI score0.01924EPSS
Exploits1References4
CVE
CVE
added 2020/02/04 7:8 p.m.66 views

CVE-2020-8122

CVE-2020-8122 affects Nextcloud Server 14.0.3, where a missing authorization check on share expiration updates lets a recipient extend the expiration date of a share they received. The root cause is an inadequate validation of the requester as the owner when modifying a share’s expiration. This v...

4.3CVSS4.7AI score0.00684EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/02/04 7:8 p.m.31 views

CVE-2019-15622

Not strictly enough sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected tables when using custom queries...

3.5AI score0.00507EPSS
Exploits1References2
Cvelist
Cvelist
added 2020/02/04 7:8 p.m.20 views

CVE-2020-8117

Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event...

4.5AI score0.00714EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/02/04 7:8 p.m.17 views

CVE-2020-8120

A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation...

6AI score0.00916EPSS
Exploits1References2
Cvelist
Cvelist
added 2020/02/04 7:8 p.m.18 views

CVE-2020-8121

A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer...

8AI score0.01036EPSS
Exploits1References2
CVE
CVE
added 2020/02/04 7:8 p.m.174 views

CVE-2019-15624

CVE-2019-15624: Nextcloud Server 15.0.7 is affected by improper input validation that allows group admins to create users with IDs of system folders. The issue is confirmed in CVE-2019-15624 and is addressed in security advisories accompanying Nextcloud updates to 15.0.14 (NC-SA-2020-015/openSUSE...

4.9CVSS5.7AI score0.01472EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2020/02/04 7:8 p.m.70 views

CVE-2020-8117

CVE-2020-8117 affects Nextcloud Server 14.0.3, involving improper preservation of permissions that leaks event details when sharing a non-public calendar event. Public references (NVD, CVE listing, SUSE, CNVD, OpenVAS/NC-SA-2020-013) confirm the issue name and description; CVSS metrics from NVD s...

4.3CVSS4.5AI score0.00714EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/02/04 7:8 p.m.82 views

CVE-2019-15617

CVE-2019-15617 affects Nextcloud Server (17.0.0) and arises from a missing check that allowed an attacker to set up a new second factor during login. Public documents reference the vulnerability and status across multiple sources (NVD/OSV/openvas) with remediation guidance generally recommending ...

5.5CVSS5.6AI score0.00607EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/02/04 7:8 p.m.25 views

CVE-2020-8118

An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application...

6.1AI score0.01287EPSS
Exploits1References4
CVE
CVE
added 2020/02/04 7:8 p.m.71 views

CVE-2020-8120

CVE-2020-8120 describes a reflected XSS in Nextcloud Server 16.0.1 related to SVG logo generation. The issue affects the SVG rendering path (logo) via user-controllable inputs and has a CVSS v3.1 base score of 6.1 (MEDIUM). Public references (NVD/CVE records and Nextcloud advisory) confirm the vu...

6.1CVSS6AI score0.00916EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2020/02/04 7:8 p.m.78 views

CVE-2020-8121

Nextcloud Server 14.0.4 contains a bug where data could be exposed via reshared link shares beyond what the sharer intended. Evidence from multiple sources shows this could allow access to extended data in reshared links, including expired reshared links that still grant access to the full folder...

8.1CVSS7.9AI score0.01036EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2020/02/04 7:8 p.m.167 views

CVE-2019-15623

CVE-2019-15623 affects Nextcloud Server (notably up to 16.0.1 in the description). The issue is an information disclosure where, when the Lookup Server is disabled, the server leaks its domain and user IDs to the Nextcloud Lookup Server. This is classified as a privacy exposure with partial confi...

5.3CVSS5.8AI score0.01924EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2020/02/04 7:8 p.m.157 views

CVE-2019-15621

Nextcloud Server 16.0.1 is affected by CVE-2019-15621: an improper permissions preservation enables sharees to reshare with write permissions when sharing the mount point of a received share via a public link. Root cause is a permissions preservation flaw in the sharing flow; exploitation details...

6.5CVSS6.6AI score0.01056EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2020/02/04 7:8 p.m.20 views

CVE-2020-8119

Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app...

5.8AI score0.00915EPSS
Exploits0References4
CVE
CVE
added 2020/02/04 7:8 p.m.63 views

CVE-2019-15618

CVE-2019-15618 affects Nextcloud Server Updater up to at least 15.0.5, where missing HTML escaping in the Updater allows a reflected XSS when started from a malicious location. The vulnerability is a client-side reflection (no server-state compromise described) that can lead to execution of arbit...

4.8CVSS4.9AI score0.00729EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder