Nextcloud: most viewed

384 matches found

Nextcloud • added 2022/03/08 4:13 p.m. • 48 views

Groupfolders advanced permissions is not obeyed for subfolders

None...

CVSS 4.3 | AI score 4.8 | EPSS 0.00817
Exploits: 0 | References: 2 | Affected Software: 1

Nextcloud • added 2020/04/20 12:0 a.m. • 48 views

Code injection possible with malformed Nextcloud Talk chat commands (NC-SA-2020-021)

A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a code injection when a not correctly sanitized talk command was added by an administrator...

CVSS 6.5 | AI score 2.6 | EPSS 0.01668
Exploits: 1 | Affected Software: 1

Nextcloud • added 2023/06/22 1:22 p.m. • 47 views

System addressbooks can be modified by malicious trusted server

None...

CVSS 8.1 | AI score 7.8 | EPSS 0.00769
Exploits: 0 | References: 2 | Affected Software: 1

Nextcloud • added 2021/09/06 8:37 a.m. • 47 views

Exceptions may have logged Encryption-at-Rest key content

None...

CVSS 5.5 | AI score 5.5 | EPSS 0.00231
Exploits: 0 | References: 2 | Affected Software: 1

Nextcloud • added 2024/01/18 8:39 a.m. • 46 views

OAuth2 authorization codes are valid indefinitely

None...

CVSS 3.7 | AI score 4.7 | EPSS 0.00452
Exploits: 0 | References: 2 | Affected Software: 1

Nextcloud • added 2023/10/13 8:9 a.m. • 46 views

Improper restriction of excessive authentication attempts on WebDAV endpoint

None...

CVSS 7.5 | AI score 7.2 | EPSS 0.00575
Exploits: 0 | References: 2 | Affected Software: 1

Nextcloud • added 2023/08/10 7:19 a.m. • 46 views

Existence of calendars and addressbooks can be checked by unauthenticated users

None...

CVSS 5.3 | AI score 5.4 | EPSS 0.00488
Exploits: 0 | References: 2 | Affected Software: 1

Nextcloud • added 2019/07/26 12:0 a.m. • 46 views

SQL Injection in lookup-server (NC-SA-2019-010)

Improper sanitation of user input allowed any unauthenticated user to perform SQL injection attacks...

CVSS 7.5 | AI score 3.7 | EPSS 0.01788
Exploits: 0 | Affected Software: 1

Nextcloud • added 2024/11/15 1:8 p.m. • 45 views

Custom defined credentials of external storages are sent back to the frontend

None...

CVSS 6.5 | AI score 5.1 | EPSS 0.0063
Exploits: 0 | References: 3 | Affected Software: 1

Nextcloud • added 2023/03/27 10:32 a.m. • 45 views

Missing brute force protection on password reset token

None...

CVSS 7.1 | AI score 6.9 | EPSS 0.00602
Exploits: 0 | References: 2 | Affected Software: 1

Nextcloud • added 2023/02/24 7:22 a.m. • 46 views

No password length restriction in reset password endpoint

None...

CVSS 6.5 | AI score 6.3 | EPSS 0.01373
Exploits: 1 | References: 2 | Affected Software: 1

Nextcloud • added 2021/10/25 11:50 a.m. • 45 views

Two-Factor Authentication not enforced for pages marked as public

None...

CVSS 6.5 | AI score 6.3 | EPSS 0.01157
Exploits: 0 | References: 2 | Affected Software: 1

Nextcloud • added 2021/10/25 11:0 a.m. • 45 views

File path disclosure of shared files in Richdocuments application

None...

CVSS 5.3 | AI score 5.6 | EPSS 0.01021
Exploits: 0 | References: 2 | Affected Software: 1

Nextcloud • added 2023/02/06 9:46 a.m. • 44 views

Self reflected HTML injection in Desktop client

None...

CVSS 6.1 | AI score 6 | EPSS 0.00657
Exploits: 0 | References: 2 | Affected Software: 1

Nextcloud • added 2023/01/09 5:45 a.m. • 44 views

Deck card reference caching can leak data to unauthorized users

None...

CVSS 5.8 | AI score 4.9 | EPSS 0.00687
Exploits: 1 | References: 2 | Affected Software: 1

Nextcloud • added 2021/07/12 9:20 a.m. • 44 views

Bypass of image blocking in Nextcloud Mail

None...

CVSS 4.3 | AI score 4.8 | EPSS 0.01146
Exploits: 1 | References: 2 | Affected Software: 1

Nextcloud • added 2020/11/18 12:0 a.m. • 44 views

Stored XSS in markdown file with Nextcloud Talk using Internet Explorer (NC-SA-2021-002)

A missing link validation in Nextcloud Server 20.0.1 allowed to execute a stored XSS attack on Internet Explorer users by saving a javascript url in a Markdown...

CVSS 3.5 | AI score 3.3 | EPSS 0.00901
Exploits: 0 | Affected Software: 1

Nextcloud • added 2022/09/16 4:52 a.m. • 43 views

Last video frame is still sent after video is disabled in a call

None...

CVSS 5.3 | AI score 5.5 | EPSS 0.00523
Exploits: 0 | References: 2 | Affected Software: 1

Nextcloud • added 2021/09/06 8:39 a.m. • 43 views

File Drop can be bypassed using Richdocuments app

None...

CVSS 7.5 | AI score 7.4 | EPSS 0.02023
Exploits: 0 | References: 2 | Affected Software: 1

Nextcloud • added 2020/10/03 12:0 a.m. • 43 views

Denial of Service by requesting to reset a password (NC-SA-2021-003)

A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a user...

CVSS 5 | AI score 3.2 | EPSS 0.01807
Exploits: 1 | Affected Software: 1

Nextcloud • added 2020/03/24 12:0 a.m. • 43 views

Mail app not verifying TLS host of mail servers (NC-SA-2020-020)

A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack...

CVSS 6.8 | AI score 2.9 | EPSS 0.00933
Exploits: 0 | Affected Software: 1

Nextcloud • added 2023/03/30 8:21 a.m. • 42 views

Insecure randomness for default password in file sharing when password policy app is disabled

None...

CVSS 7.5 | AI score 7.3 | EPSS 0.0054
Exploits: 0 | References: 2 | Affected Software: 1

Nextcloud • added 2021/09/06 8:41 a.m. • 42 views

Secret Circle can be joined without approval

None...

CVSS 6.5 | AI score 6.4 | EPSS 0.01163
Exploits: 0 | References: 2 | Affected Software: 1

Nextcloud • added 2021/06/01 6:6 p.m. • 42 views

Missing permission check on email metadata retrieval

None...

CVSS 8.8 | AI score 4.8 | EPSS 0.01107
Exploits: 1 | References: 1 | Affected Software: 1

Nextcloud • added 2024/06/14 2:26 p.m. • 41 views

Ability to bypass second factor

None...

CVSS 7.5 | AI score 7.2 | EPSS 0.00402
Exploits: 0 | References: 2 | Affected Software: 1

Nextcloud • added 2023/11/21 5:21 a.m. • 41 views

Can enable/disable birthday calendar for any user

None...

CVSS 4.3 | AI score 4.7 | EPSS 0.00604
Exploits: 1 | References: 2 | Affected Software: 1

Nextcloud • added 2023/05/25 9:26 a.m. • 41 views

Blind SSRF in the Mail app on avatar endpoint

None...

CVSS 5.3 | AI score 5.5 | EPSS 0.00529
Exploits: 0 | References: 2 | Affected Software: 1

Nextcloud • added 2022/09/15 8:30 a.m. • 41 views

Authentication header is passed on by Nextcloud Server due to a vulnerable GuzzleHTTP version

None...

CVSS 7.5 | AI score 7.3 | EPSS 0.0058
Exploits: 0 | References: 2 | Affected Software: 1

Nextcloud • added 2021/10/25 11:0 a.m. • 41 views

File path disclosure of shared files in OfficeOnline application

None...

CVSS 5.3 | AI score 5.6 | EPSS 0.00849
Exploits: 0 | References: 1 | Affected Software: 1

Nextcloud • added 2021/10/25 11:0 a.m. • 41 views

XSS in Contacts

None...

CVSS 6.4 | AI score 5.6 | EPSS 0.00504
Exploits: 0 | References: 1 | Affected Software: 1

Nextcloud • added 2021/08/18 2:45 p.m. • 41 views

End-to-end encryption device setup did not verify public key

None...

CVSS 6.5 | AI score 6.3 | EPSS 0.00851
Exploits: 1 | References: 2 | Affected Software: 1

Nextcloud • added 2021/07/12 9:17 a.m. • 41 views

Nextcloud Talk not properly disassociating users from chats after account deletion

None...

CVSS 8.1 | AI score 6.4 | EPSS 0.01
Exploits: 0 | References: 2 | Affected Software: 1

Nextcloud • added 2021/06/17 10:32 a.m. • 41 views

Malicious Android app could access Shared Preferences of the Nextcloud Android client

None...

CVSS 4.3 | AI score 4.5 | EPSS 0.00881
Exploits: 1 | References: 2 | Affected Software: 1

Nextcloud • added 2020/07/10 12:0 a.m. • 41 views

XSS in desktop client via invalid server address on login form (NC-SA-2020-027)

A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html including local links when responding with invalid data on the login attempt...

CVSS 3.5 | AI score 0.9 | EPSS 0.01401
Exploits: 1 | Affected Software: 1

Nextcloud • added 2019/08/12 12:0 a.m. • 41 views

Group admins can create users with IDs of system folders (NC-SA-2019-015)

Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders...

CVSS 4 | AI score 4 | EPSS 0.01472
Exploits: 1 | Affected Software: 1

Nextcloud • added 2023/04/25 9:11 a.m. • 40 views

Missing brute force protection for passwords of password protected share links

None...

CVSS 7.5 | AI score 7.3 | EPSS 0.00774
Exploits: 1 | References: 2 | Affected Software: 1

Nextcloud • added 2023/04/04 7:55 a.m. • 40 views

Desktop clients misbehave with end-to-end encryption when the server returns an empty list of metadata keys

None...

CVSS 6.7 | AI score 6.2 | EPSS 0.00679
Exploits: 1 | References: 2 | Affected Software: 1

Nextcloud • added 2023/02/13 1:48 p.m. • 40 views

SSRF via filter bypass due to lax checking on IPs

None...

CVSS 5.3 | AI score 5.5 | EPSS 0.00816
Exploits: 1 | References: 2 | Affected Software: 1

Nextcloud • added 2021/10/25 10:59 a.m. • 40 views

XSS in Talk

None...

CVSS 6.4 | AI score 6.2 | EPSS 0.01063
Exploits: 0 | References: 2 | Affected Software: 1

Nextcloud • added 2021/06/01 6:2 p.m. • 40 views

Ratelimiting can be bypassed using IPv6 subnets

None...

CVSS 9.8 | AI score 8.6 | EPSS 0.01739
Exploits: 0 | References: 1 | Affected Software: 1

Nextcloud • added 2021/06/01 5:50 p.m. • 40 views

SSL certificate was not validated in Provider Registration Flow

None...

CVSS 5.9 | AI score 5.7 | EPSS 0.01031
Exploits: 1 | References: 2 | Affected Software: 1

Nextcloud • added 2021/05/31 3:51 p.m. • 40 views

Alias creation did not validate account ID

None...

CVSS 4.3 | AI score 4.8 | EPSS 0.00988
Exploits: 0 | References: 1 | Affected Software: 1

Nextcloud • added 2020/08/03 12:0 a.m. • 40 views

Missing rate limit on signup page (NC-SA-2020-033)

A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times...

CVSS 5 | AI score 4.3 | EPSS 0.01883
Exploits: 1 | Affected Software: 1

Nextcloud • added 2019/06/27 12:0 a.m. • 40 views

Improper permission preservation on reshares (NC-SA-2020-012)

Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link...

CVSS 4 | AI score 2.2 | EPSS 0.01056
Exploits: 0 | Affected Software: 1

Nextcloud • added 2023/10/16 7:19 a.m. • 39 views

Rate limiter not working reliably when Memcached is installed

None...

CVSS 4.3 | AI score 4.7 | EPSS 0.00699
Exploits: 0 | References: 2 | Affected Software: 1

Nextcloud • added 2023/06/22 6:15 a.m. • 39 views

Open redirect on "Unsupported browser" warning

None...

CVSS 6.1 | AI score 6 | EPSS 0.00484
Exploits: 1 | References: 2 | Affected Software: 1

Nextcloud • added 2022/08/04 6:25 a.m. • 39 views

Missing brute force protection on cloud federation sharing

None...

CVSS 6.5 | AI score 5 | EPSS 0.00597
Exploits: 0 | References: 2 | Affected Software: 1

Nextcloud • added 2022/03/08 4:9 p.m. • 39 views

Talk app did allow access to sensitive chat messages on lockscreen

None...

CVSS 2.4 | AI score 4.5 | EPSS 0.00297
Exploits: 0 | References: 2 | Affected Software: 1

Nextcloud • added 2021/09/06 8:38 a.m. • 39 views

Bypass of Two Factor Authentication

None...

CVSS 8.1 | AI score 7.8 | EPSS 0.01741
Exploits: 0 | References: 2 | Affected Software: 1

Nextcloud • added 2021/06/01 6:14 p.m. • 39 views

Trusted servers exchange can be triggered by attacker

None...

CVSS 8.6 | AI score 8 | EPSS 0.01841
Exploits: 0 | References: 1 | Affected Software: 1

Total number of security vulnerabilities: 384