Lucene search
K
NextcloudMost viewed

384 matches found

Nextcloud
Nextcloud
•added 2020/10/03 12:0 a.m.•45 views

Denial of Service by requesting to reset a password (NC-SA-2021-003)

A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a user...

5CVSS3.2AI score0.01807EPSS
Exploits1Affected Software1
Nextcloud
Nextcloud
•added 2020/03/24 12:0 a.m.•45 views

Mail app not verifying TLS host of mail servers (NC-SA-2020-020)

A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack...

6.8CVSS2.9AI score0.00933EPSS
Exploits0Affected Software1
Nextcloud
Nextcloud
•added 2024/11/15 1:11 p.m.•44 views

Mail app does not respect download permissions in shares

None...

5.7CVSS5.2AI score0.00502EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2022/11/25 11:30 a.m.•44 views

XSS in Desktop Client in the notifications

None...

5.4CVSS5.4AI score0.00897EPSS
Exploits1References2Affected Software1
Nextcloud
Nextcloud
•added 2021/10/25 11:13 a.m.•44 views

Missing permission check on Deck API

None...

8.1CVSS7.9AI score0.01293EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2021/10/25 11:0 a.m.•44 views

File path disclosure of shared files in OfficeOnline application

None...

5.3CVSS5.6AI score0.00849EPSS
Exploits0References1Affected Software1
Nextcloud
Nextcloud
•added 2021/06/17 10:32 a.m.•44 views

Malicious Android app could access Shared Preferences of the Nextcloud Android client

None...

4.3CVSS4.5AI score0.00881EPSS
Exploits1References2Affected Software1
Nextcloud
Nextcloud
•added 2021/05/31 3:51 p.m.•44 views

Alias creation did not validate account ID

None...

4.3CVSS4.8AI score0.00988EPSS
Exploits0References1Affected Software1
Nextcloud
Nextcloud
•added 2020/08/03 12:0 a.m.•44 views

Missing rate limit on signup page (NC-SA-2020-033)

A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times...

5CVSS4.3AI score0.01906EPSS
Exploits1Affected Software1
Nextcloud
Nextcloud
•added 2020/07/10 12:0 a.m.•44 views

XSS in desktop client via invalid server address on login form (NC-SA-2020-027)

A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html including local links when responding with invalid data on the login attempt...

3.5CVSS0.9AI score0.01401EPSS
Exploits1Affected Software1
Nextcloud
Nextcloud
•added 2021/10/25 11:0 a.m.•43 views

XSS in Contacts

None...

6.4CVSS5.6AI score0.00504EPSS
Exploits0References1Affected Software1
Nextcloud
Nextcloud
•added 2021/08/18 2:45 p.m.•43 views

End-to-end encryption device setup did not verify public key

None...

6.5CVSS6.3AI score0.00851EPSS
Exploits1References2Affected Software1
Nextcloud
Nextcloud
•added 2019/08/12 12:0 a.m.•43 views

Group admins can create users with IDs of system folders (NC-SA-2019-015)

Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders...

4CVSS4AI score0.01472EPSS
Exploits1Affected Software1
Nextcloud
Nextcloud
•added 2024/01/18 8:42 a.m.•42 views

All users can reset the allowed apps list for Guest App users

None...

4.3CVSS4.8AI score0.00462EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/10/16 7:24 a.m.•42 views

Require strict cookies for image proxy requests

None...

4.3CVSS4.8AI score0.00601EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/04/25 9:11 a.m.•42 views

Missing brute force protection for passwords of password protected share links

None...

7.5CVSS7.3AI score0.00774EPSS
Exploits1References2Affected Software1
Nextcloud
Nextcloud
•added 2022/08/04 6:25 a.m.•42 views

Missing brute force protection on cloud federation sharing

None...

6.5CVSS5AI score0.00618EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2021/07/12 9:23 a.m.•42 views

File path disclosure of shared files in Nextcloud Text application

None...

5.3CVSS5.4AI score0.01381EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2021/06/01 6:2 p.m.•42 views

Ratelimiting can be bypassed using IPv6 subnets

None...

9.8CVSS8.6AI score0.01739EPSS
Exploits0References1Affected Software1
Nextcloud
Nextcloud
•added 2024/11/15 1:18 p.m.•41 views

Global credentials of external storages are sent back to the frontend

None...

5.9CVSS5.1AI score0.00589EPSS
Exploits0References4Affected Software1
Nextcloud
Nextcloud
•added 2023/10/16 7:19 a.m.•41 views

Rate limiter not working reliable when Memcached is installed

None...

4.3CVSS4.7AI score0.00699EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/06/22 1:24 p.m.•41 views

User scoped external storage can be used to gather credentials of other users

None...

8.8CVSS8AI score0.00981EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/04/04 7:55 a.m.•41 views

Initialization vector reuse in end-to-end encryption allows a malicious server admin to break manipulate and access files

None...

6.7CVSS6.3AI score0.01113EPSS
Exploits1References2Affected Software1
Nextcloud
Nextcloud
•added 2022/12/01 9:33 a.m.•41 views

Disabled download shares still allow download through preview images

None...

5.3CVSS5.5AI score0.00598EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2021/06/01 5:50 p.m.•41 views

SSL certificate was not validated in Provider Registration Flow

None...

5.9CVSS5.7AI score0.01031EPSS
Exploits1References2Affected Software1
Nextcloud
Nextcloud
•added 2021/01/25 12:0 a.m.•41 views

External storage credentials stored for wrong user (NC-SA-2021-004)

A missing user check in Nextcloud 20.0.5 and prior allowed to populate your own credentials for other users external storage configuration when they did not configure one yet...

5.5CVSS3AI score0.01686EPSS
Exploits1Affected Software1
Nextcloud
Nextcloud
•added 2019/06/27 12:0 a.m.•41 views

Improper permission preservation on reshares (NC-SA-2020-012)

Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link...

4CVSS2.2AI score0.01056EPSS
Exploits0Affected Software1
Nextcloud
Nextcloud
•added 2024/06/14 2:35 p.m.•40 views

ID4me does not validate signature or expiration

None...

5.4CVSS5.6AI score0.0024EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/10/16 7:22 a.m.•40 views

Inviting excessive long email addresses to a calendar event makes the server unresponsive

None...

4.3CVSS4.8AI score0.00386EPSS
Exploits1References2Affected Software1
Nextcloud
Nextcloud
•added 2023/10/16 7:22 a.m.•40 views

OAuth2 client_secret stored in plain text in the database

None...

8.8CVSS8AI score0.00484EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/10/16 7:20 a.m.•39 views

Password of talk conversations can be bruteforced

None...

4.3CVSS4.8AI score0.0048EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/04/04 7:54 a.m.•39 views

Lack of authenticity of metadata keys allows a malicious server to gain access to E2EE folders

None...

6.9CVSS6.4AI score0.00678EPSS
Exploits1References2Affected Software1
Nextcloud
Nextcloud
•added 2022/12/01 9:32 a.m.•39 views

No password length limit when creating a user as an administrator

None...

2.7CVSS4.5AI score0.00806EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2021/10/25 10:59 a.m.•39 views

Bypass of image blocking in Nextcloud Mail

None...

3.5CVSS4.9AI score0.00759EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2020/10/03 12:0 a.m.•39 views

External storage app saves password for all users in the database (NC-SA-2021-006)

A missing condition in Nextcloud Server 19 and prior caused the external storage app to always store the users password in a recoverable format...

4.6CVSS2.8AI score0.00512EPSS
Exploits1Affected Software1
Nextcloud
Nextcloud
•added 2023/03/30 8:13 a.m.•38 views

Reference fetch can saturate the server bandwidth for 10 seconds

None...

7.5CVSS7.3AI score0.00624EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/01/09 5:44 a.m.•38 views

Vulnerable moment-timezone version shipped

None...

5.3AI score
Exploits0References4Affected Software1
Nextcloud
Nextcloud
•added 2022/05/30 10:58 a.m.•38 views

Improper input-size validation on the user new session name

None...

4.3CVSS4.8AI score0.0143EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2021/06/01 6:19 p.m.•38 views

Malicious user could break user administration page

None...

4.3CVSS4.7AI score0.01823EPSS
Exploits0References1Affected Software1
Nextcloud
Nextcloud
•added 2021/02/24 12:0 a.m.•38 views

Missing URL validation allowed RCE for the server on the Desktop client (NC-SA-2021-008)

Missing validation of URLs in Nextcloud Desktop Client 3.1.2 and earlier allowed a malicious server to execute code on the client. User interaction was required...

6.8CVSS2.8AI score0.04698EPSS
Exploits1Affected Software1
Nextcloud
Nextcloud
•added 2020/08/25 12:0 a.m.•38 views

PIN for passwordless WebAuthn is asked for but not verified (NC-SA-2020-037)

A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it...

4.6CVSS2.3AI score0.00582EPSS
Exploits1Affected Software1
Nextcloud
Nextcloud
•added 2020/03/18 12:0 a.m.•38 views

Missing ownership check on remote wipe endpoint (NC-SA-2020-018)

An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint...

6.8CVSS4.4AI score0.01773EPSS
Exploits1Affected Software1
Nextcloud
Nextcloud
•added 2020/02/17 12:0 a.m.•38 views

Code injection in Nextcloud Desktop Client for macOS (NC-SA-2020-016)

A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLDINSERTLIBRARIES set in the enviroment...

4.6CVSS3AI score0.00689EPSS
Exploits1Affected Software1
Nextcloud
Nextcloud
•added 2016/10/10 12:0 a.m.•38 views

SMB User Authentication Bypass (NC-SA-2016-006)

Nextcloud includes an optional and not by default enabled SMB authentication component that allows to authenticate users against an SMB server.This backend is implemented in a way that it tries to connect to a SMB server and if that succeeded consider the user logged-in.The backend did not proper...

6.8CVSS8.2AI score0.04095EPSS
Exploits1Affected Software1
Nextcloud
Nextcloud
•added 2016/07/19 12:0 a.m.•38 views

Read-only share recipient can restore old versions of file (NC-SA-2016-005)

The restore capability of Nextcloud was not verifying whether an user has only read-only access to a share. Thus an user with read-only access was able to restore old versions...

4CVSS3.1AI score0.01874EPSS
Exploits1Affected Software1
Nextcloud
Nextcloud
•added 2024/06/14 2:34 p.m.•37 views

Users can delete old versions of read-only shared files

None...

5.4CVSS5.5AI score0.00371EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/11/21 5:24 a.m.•37 views

Self XSS when pasting HTML into Text app with Ctrl+Shift+V

None...

5.4CVSS5.4AI score0.00571EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/03/27 10:31 a.m.•37 views

Delete permissions are not saved when creating public share

None...

8.1CVSS7.8AI score0.00564EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/02/13 1:47 p.m.•37 views

Missing rate limiting on password reset functionality allows sending lots of emails

None...

5.3CVSS5.5AI score0.00729EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2021/06/01 6:12 p.m.•37 views

Files Drop public link can be added as federated share

None...

3.5CVSS4.7AI score0.01034EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities384