Lucene search
K

4993 matches found

OSV
OSV
added 2018/05/09 6:33 p.m.3 views

MGASA-2018-0226 Updated nextcloud packages fix security vulnerabilities and update version

Mageia 6 brings Nextcloud 11, which is not supported anymore upstream. This update brings version 12 with several security fixes. The database system is now in a separate package, so you will have to choose manually the one you are using...

7.2AI score
Exploits0References3
Mageia
Mageia
added 2018/05/09 6:33 p.m.11 views

Updated nextcloud packages fix security vulnerabilities and update version

Mageia 6 brings Nextcloud 11, which is not supported anymore upstream. This update brings version 12 with several security fixes. The database system is now in a separate package, so you will have to choose manually the one you are using...

4.3AI score
Exploits0References2
Hacker One
Hacker One
added 2018/05/08 8:32 a.m.30 views

Nextcloud: Banner Grabbing - Apache Server Version Disclosure

I have found a little information disclosure on your system. Banner Grabbing is a technique used to gain information about a remote server. Additionally, this technique is use to get information about remote servers. I've captured the HTTP request while visiting...

0.8AI score
Exploits0
Hacker One
Hacker One
added 2018/05/05 3:38 p.m.32 views

Nextcloud: Click Jacking Nextcloud

Hello Security, Clickjacking User Interface redress attack, UI redress attack, UI redressing is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking contro...

0.3AI score
Exploits0
OpenVAS
OpenVAS
added 2018/05/02 12:0 a.m.35 views

Nextcloud Server Authorization Bypass Vulnerability (May 2018) - Windows

Nextcloud Server is prone to authorization bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.7CVSS5.6AI score0.00778EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2018/05/02 12:0 a.m.22 views

Nextcloud Server Authorization Bypass Vulnerability (May 2018) - Linux

Nextcloud Server is prone to authorization bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.7CVSS5.6AI score0.00778EPSS
Exploits0References1
Hacker One
Hacker One
added 2018/04/25 5:3 p.m.134 views

Nextcloud: OAuth2 Access Token and App Password Security Vulnerability

The OAuth2 endpoint of the Nextcloud server was not following RFC6749. The server did not perform required verification of provided data. And the server did not properly rotate and expire access tokens. In case of a compromised OAuth client this could lead to unauthorized access. After working...

5.8CVSS2.6AI score0.01657EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/04/23 12:0 a.m.35 views

openSUSE Security Update : nextcloud (openSUSE-2018-384)

This update for nextcloud fixes the following issues : Security issue fixed : - CVE-2017-0936: Nextcloud Server before 11.0.7 suffers from an Authorization Bypass Through User-Controlled Key vulnerability boo1087402. Bug fixes : - See online release notes for all relevant changes...

5.7CVSS5.8AI score0.00778EPSS
Exploits0References3
Hacker One
Hacker One
added 2018/04/20 12:29 p.m.33 views

Nextcloud: Bruteforce in admin panel

Hello there, Admin panel of your website https://nextcloud.com/wp-login.php is vulnerable to bruteforce attacks as their is no rate-limiting. Impact Can gain access to admin panel. To fix this, Just add rate limiting...

1.2AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2018/04/12 12:0 a.m.6 views

The vulnerability of the cloud platform NextCloud in the operating system OpenSUSE Leap allows a hacker to gain root privileges.

The vulnerability of the cloud platform NextCloud in the operating system OpenSUSE Leap is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain root privileges during package updates using scripts located in the...

9CVSS5.5AI score0.01202EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2018/04/03 12:0 a.m.3 views

Nextcloud Server Design Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud Server is a server version of it. A security vulnerability exists in Nextcloud Server versions prior to 11.0.7 and prior to 12.0.5. An attacker coul...

5.7CVSS6.7AI score0.00778EPSS
Exploits0References1
Hacker One
Hacker One
added 2018/03/30 10:36 p.m.101 views

Nextcloud: Extremly simple way to bypass Nextcloud-Client PIN/Fingerprint lock

I'm sorry for my bad English, I'm German How to reproduce this security bug. Step 1: Take a normal Android smartphone maybe it also works on iOS, but I have not tested it yet. Step 2: Install the official nextcloud-client. Step 3: Set up nextcloud: Open the nextcloud app, tap on "Skip", enter the...

3.6CVSS6.1AI score0.00469EPSS
Exploits1
Prion
Prion
added 2018/03/28 8:29 p.m.19 views

Authorization

Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves where neither disclosed nor could...

4.9CVSS5.5AI score0.00778EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2018/03/28 8:29 p.m.21 views

CVE-2017-0936

Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves where neither disclosed nor could...

5.7CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2018/03/28 8:29 p.m.26 views

CVE-2017-0936

Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves where neither disclosed nor could...

5.7CVSS5.5AI score0.00778EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/03/28 8:0 p.m.32 views

CVE-2017-0936

Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves where neither disclosed nor could...

5.4AI score0.00778EPSS
Exploits0References2
CVE
CVE
added 2018/03/28 8:0 p.m.61 views

CVE-2017-0936

CVE-2017-0936 affects Nextcloud Server prior to 11.0.7 and 12.0.5, where an Authorization Bypass Through User-Controlled Key vulnerability exists due to a missing ownership check. This allows logged-in users to change the scope of app passwords for other users. The app passwords themselves are no...

5.7CVSS5.3AI score0.00778EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2018/03/02 12:0 a.m.3 views

Micro Focus openSUSE NextCloud Elevation of Privilege Vulnerability

Micro Focus openSUSE is a Linux-based free operating system from Micro Focus in the U.K. NextCloud is a private cloud building software used in it. A security vulnerability exists in NextCloud in Micro Focus openSUSE, which stems from the program failing to securely use /srv/www/htdocs. During a...

9CVSS6.9AI score0.01202EPSS
Exploits0References1
NVD
NVD
added 2018/03/01 8:29 p.m.23 views

CVE-2017-9286

The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade...

9CVSS8.1AI score0.01202EPSS
Exploits0References3
OSV
OSV
added 2018/03/01 8:29 p.m.4 views

CVE-2017-9286

The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsafe manner, which could have allowed scripts running as wwwrun user to escalate privileges to root during nextcloud package upgrade...

8.8CVSS5.8AI score0.01202EPSS
Exploits0References3
Rows per page
Query Builder