Lucene search
K
NextcloudMost viewed

384 matches found

Nextcloud
Nextcloud
•added 2020/07/15 12:0 a.m.•37 views

Access control missing while viewing the attachments in the 'All boards' (NC-SA-2020-036)

Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments...

4CVSS3.6AI score0.00781EPSS
Exploits1Affected Software1
Nextcloud
Nextcloud
•added 2018/10/25 12:0 a.m.•37 views

Second factor authentication bypassed if provider fails to load (NC-SA-2018-011)

Missing state would not enforce the use of a second factor at login if the the provider of the second factor failed to load...

4.3CVSS2.5AI score0.00811EPSS
Exploits0Affected Software1
Nextcloud
Nextcloud
•added 2017/02/05 12:0 a.m.•37 views

Creation of folders in read-only folders despite lacking permissions (NC-SA-2017-002)

Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder.Note that this only affects folders and files that the adversary has at least read-only permissions for...

4CVSS2.6AI score0.00666EPSS
Exploits0Affected Software1
Nextcloud
Nextcloud
•added 2024/06/14 2:34 p.m.•36 views

Code injection in Nextcloud Desktop Client for macOS

None...

7.8CVSS7.5AI score0.0032EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2024/01/18 8:38 a.m.•36 views

Can download "view-only" files with the Files ZIP app

None...

4.3CVSS4.8AI score0.00517EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/12/18 8:26 a.m.•36 views

Workflows do not require password confirmation on API level

None...

5.4CVSS5.4AI score0.00608EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/08/10 7:19 a.m.•36 views

Users can delete external storage mount points

None...

7.7CVSS7.3AI score0.00822EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/02/27 3:42 p.m.•36 views

Messages can still be seen on conversation after expiring when cron is misconfigured

None...

4.3CVSS4.8AI score0.00799EPSS
Exploits1References2Affected Software1
Nextcloud
Nextcloud
•added 2022/11/25 11:25 a.m.•36 views

Missing length validation of user displayname allows to generate an SQL error

None...

6.5CVSS6.3AI score0.0099EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2021/06/01 6:12 p.m.•36 views

Files Drop public link can be added as federated share

None...

3.5CVSS4.7AI score0.01034EPSS
Exploits0References1Affected Software1
Nextcloud
Nextcloud
•added 2020/06/04 12:0 a.m.•36 views

Password of share by mail is not hashed when given on the create share call (NC-SA-2020-026)

A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call...

5CVSS1.1AI score0.01889EPSS
Exploits1Affected Software1
Nextcloud
Nextcloud
•added 2019/04/01 12:0 a.m.•36 views

2FA sessions not properly expired on password change (NC-SA-2020-001)

A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the password of the user is reset...

3.2CVSS1.2AI score0.0032EPSS
Exploits0Affected Software1
Nextcloud
Nextcloud
•added 2016/07/19 12:0 a.m.•36 views

Log pollution can potentially lead to local HTML injection (NC-SA-2016-002)

The "download log" functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the...

4.3CVSS0.6AI score0.01493EPSS
Exploits1Affected Software1
Nextcloud
Nextcloud
•added 2024/11/15 1:14 p.m.•35 views

Attachments folder for Text app is accessible on "Files drop" and "Password protected" shares

None...

4.3CVSS5.1AI score0.00513EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2024/06/14 2:29 p.m.•35 views

Missing permission check when removing a photo from an album

None...

3.5CVSS4.8AI score0.00413EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/12/18 8:24 a.m.•35 views

Calendar app returns full stacktrace when an error happens while editing appointment

None...

6.5CVSS6.4AI score0.00547EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2022/11/25 11:32 a.m.•35 views

nextcloudcmd incorrectly trusts bad TLS certificates

None...

4.7CVSS4.7AI score0.00201EPSS
Exploits1References3Affected Software1
Nextcloud
Nextcloud
•added 2021/10/25 11:3 a.m.•35 views

Nextcloud Server shipped insecure Archive_Tar version

None...

7.1CVSS7.3AI score0.73377EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2021/06/17 10:30 a.m.•35 views

Malicious Android application can crash the Nextcloud Android Client

None...

5.5CVSS5.5AI score0.00967EPSS
Exploits1References2Affected Software1
Nextcloud
Nextcloud
•added 2021/06/01 6:15 p.m.•35 views

Default Nextcloud Server and iOS Client leak sharee searches to Nextcloud

None...

6.5CVSS6.4AI score0.01367EPSS
Exploits1References1Affected Software1
Nextcloud
Nextcloud
•added 2021/06/01 6:9 p.m.•35 views

End to end encryption folder locking is not properly protected

None...

6.5CVSS6.4AI score0.00722EPSS
Exploits1References1Affected Software1
Nextcloud
Nextcloud
•added 2020/11/18 12:0 a.m.•35 views

Potential DDoS when posting long data into workflow validation rules (NC-SA-2021-001)

A missing input validation in Nextcloud Server 20.0.1 allowed users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules...

4CVSS3.9AI score0.01557EPSS
Exploits0Affected Software1
Nextcloud
Nextcloud
•added 2020/10/03 12:0 a.m.•35 views

Improper confidentiality protection of server-side encryption keys (NC-SA-2020-040)

Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on...

2.1CVSS3.6AI score0.0032EPSS
Exploits2Affected Software1
Nextcloud
Nextcloud
•added 2020/08/26 12:0 a.m.•35 views

Message Authentication Codes calculated by the Default Encryption Module allow an attacker to silently overwrite blocks in a file (NC-SA-2020-038)

A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file...

5CVSS3.3AI score0.00716EPSS
Exploits1Affected Software1
Nextcloud
Nextcloud
•added 2020/06/04 12:0 a.m.•35 views

Increase random used for encryption (NC-SA-2020-023)

A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended...

3.5CVSS3.3AI score0.00365EPSS
Exploits1Affected Software1
Nextcloud
Nextcloud
•added 2019/11/20 12:0 a.m.•35 views

Missing sanitization in iOS App allows XSS (NC-SA-2020-003)

Missing sanitization in the iOS App 2.24.4 causes an XSS when opening malicious HTML files...

3.5CVSS1.3AI score0.00783EPSS
Exploits0Affected Software1
Nextcloud
Nextcloud
•added 2019/07/26 12:0 a.m.•35 views

Query restriction bypass on exposed FileContentProvider in Android app (NC-SA-2019-011)

Not strictly enough sanitization allowed an attacker to get content information from protected tables when using custom queries...

2.1CVSS2.8AI score0.00507EPSS
Exploits1Affected Software1
Nextcloud
Nextcloud
•added 2025/05/16 8:13 a.m.•34 views

Insecure temporary file creation, race with write access and permission

None...

4.3CVSS5.2AI score0.00409EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/12/18 8:25 a.m.•34 views

App PIN code can be bypassed in Files iOS

None...

4.3CVSS4.8AI score0.00288EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2022/11/25 11:30 a.m.•34 views

XSS in Desktop Client via user status and information

None...

5.4CVSS5.4AI score0.00918EPSS
Exploits1References2Affected Software1
Nextcloud
Nextcloud
•added 2021/07/12 9:14 a.m.•34 views

Ratelimit not applied on OCS API responses

None...

5.3CVSS5.4AI score0.01374EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2020/10/20 12:0 a.m.•34 views

XSS through image upload of contacts using svg file (NC-SA-2020-045)

A missing file type check in Nextcloud Contacts 3.3.0 allowed a malicious user to upload malicious SVG files to perform XSS attacks...

3.5CVSS2AI score0.00621EPSS
Exploits1Affected Software1
Nextcloud
Nextcloud
•added 2019/06/26 12:0 a.m.•34 views

User IDs and Nextcloud server leaked to Nextcloud Lookup server with disabled settings (NC-SA-2019-016)

Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled...

5CVSS1.6AI score0.01924EPSS
Exploits1Affected Software1
Nextcloud
Nextcloud
•added 2019/04/12 12:0 a.m.•34 views

Improper share updates could result in extended data access (NC-SA-2019-003)

A bug could expose more data in reshared link shares than intended by the sharer...

5.5CVSS2.2AI score0.01036EPSS
Exploits1Affected Software1
Nextcloud
Nextcloud
•added 2017/05/08 12:0 a.m.•34 views

Reflected XSS in error pages (NC-SA-2017-008)

Inadequate escaping of error messages leads to XSS vulnerabilities in multiple components.Note that Nextcloud employs a strict Content-Security-Policy preventing exploitation of this XSS issue on modern web browsers...

3.5CVSS3.4AI score0.00643EPSS
Exploits1Affected Software1
Nextcloud
Nextcloud
•added 2023/11/21 5:19 a.m.•33 views

Server-Side Request Forgery (SSRF) in Mail app

None...

9.8CVSS8.7AI score0.00866EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2021/06/08 4:31 p.m.•33 views

Sensitive data may not be removed from storage on account removal

None...

4.7CVSS4.8AI score0.00303EPSS
Exploits1References1Affected Software1
Nextcloud
Nextcloud
•added 2020/08/26 12:0 a.m.•33 views

Downgrade encryption scheme and break integrity through known-plaintext attack (NC-SA-2020-039)

A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files...

1.9CVSS2.8AI score0.00286EPSS
Exploits2Affected Software1
Nextcloud
Nextcloud
•added 2020/02/07 12:0 a.m.•33 views

Secure view shares can be downloaded by manipulating the URL (NC-SA-2020-015)

A missing access control check in Nextcloud Server 18.0.0 causes hide-download shares to be downloadable when appending /download to the URL...

4CVSS2.4AI score0.01536EPSS
Exploits0Affected Software1
Nextcloud
Nextcloud
•added 2018/10/25 12:0 a.m.•33 views

Improper validation of permissions (NC-SA-2018-010)

Improper revalidation of permissions lead to not accepting access restrictions by acess tokens...

5.5CVSS3.5AI score0.00957EPSS
Exploits0Affected Software1
Nextcloud
Nextcloud
•added 2018/06/21 12:0 a.m.•33 views

Improper validation on OAuth2 token endpoint (NC-SA-2018-003)

Improper validation of input allowed an attacker with access to the OAuth2 refresh token to obtain new tokens...

5.8CVSS3.9AI score0.01657EPSS
Exploits0Affected Software1
Nextcloud
Nextcloud
•added 2017/02/05 12:0 a.m.•33 views

Content-Spoofing in "files" app (NC-SA-2017-006)

The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information...

4.3CVSS2.3AI score0.01537EPSS
Exploits0Affected Software1
Nextcloud
Nextcloud
•added 2016/10/10 12:0 a.m.•33 views

Reflected XSS in Gallery application (NC-SA-2016-009)

The gallery app was not properly sanitizing exception messages from the Nextcloud server. Due to an endpoint where an attacker could influence the error message this lead to a reflected Cross-Site-Scripting vulnerability...

4.3CVSS2.2AI score0.01656EPSS
Exploits1Affected Software1
Nextcloud
Nextcloud
•added 2024/11/15 1:10 p.m.•32 views

Missing password confirmation when changing external storage options

None...

5.4CVSS5.1AI score0.00529EPSS
Exploits0References5Affected Software1
Nextcloud
Nextcloud
•added 2024/06/14 2:30 p.m.•32 views

Event create can create attachments that link to other websites

None...

4.6CVSS4.9AI score0.00362EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2023/04/17 8:12 a.m.•32 views

Users can set up workflows using restricted and invisible system tags

None...

8.8CVSS8.1AI score0.00627EPSS
Exploits0References3Affected Software1
Nextcloud
Nextcloud
•added 2023/04/03 12:59 p.m.•32 views

Full path of data directory exposed to users

None...

4.3CVSS4.8AI score0.00813EPSS
Exploits1References3Affected Software1
Nextcloud
Nextcloud
•added 2022/08/04 6:12 a.m.•32 views

Federated share accepting/declining is not logged in audit log

None...

2.7CVSS4.5AI score0.00697EPSS
Exploits0References2Affected Software1
Nextcloud
Nextcloud
•added 2020/07/10 12:0 a.m.•32 views

Linux client is vulnerable to directory traversal when downloading files (NC-SA-2020-032)

Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory...

7.1CVSS3.5AI score0.2245EPSS
Exploits1Affected Software1
Nextcloud
Nextcloud
•added 2020/07/10 12:0 a.m.•32 views

Clear text storage of proxy parameters and passwords (NC-SA-2020-031)

A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials...

5CVSS3.5AI score0.0091EPSS
Exploits0Affected Software1
Total number of security vulnerabilities384