Nextcloud / Nextcloud Server

169 matches found

added 2018/08/12 10:29 p.m. | 44 views

CVE-2018-3776

Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log.

CVSS 5.3 | AI score 5.1 | EPSS 0.0055

added 2019/07/30 9:15 p.m. | 44 views

CVE-2019-5451

Bypass lock protection in the Nextcloud Android app prior to version 3.6.1 allows accessing the files when repeatedly opening and closing the app in a very short time.

CVSS 4.6 | AI score 4.6 | EPSS 0.00069

added 2024/11/15 5:15 p.m. | 44 views

CVE-2024-52521

Nextcloud Server is a self hosted personal cloud system. MD5 hashes were used to check background jobs for their uniqueness. This increased the chances of a background job with arguments falsely being identified as already existing and not be queued for execution. By changing the Hash to SHA256 the...

CVSS 5.3 | AI score 3.6 | EPSS 0.0007

added 2018/10/30 9:29 p.m. | 43 views

CVE-2018-16463

A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares.

CVSS 3.6 | AI score 3.9 | EPSS 0.00132

added 2018/10/30 9:29 p.m. | 43 views

CVE-2018-16466

Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 led to not accepting access restrictions by access tokens.

CVSS 8.1 | AI score 7.9 | EPSS 0.00126

added 2020/11/09 3:15 p.m. | 43 views

CVE-2020-8150

A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files.

CVSS 4.1 | AI score 4.4 | EPSS 0.00036

added 2020/10/05 2:15 p.m. | 43 views

CVE-2020-8223

A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves.

CVSS 6.5 | AI score 6.6 | EPSS 0.0027

added 2017/03/28 2:59 a.m. | 42 views

CVE-2016-9465

Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification on ...

CVSS 5.4 | AI score 5.2 | EPSS 0.00497

added 2020/11/02 9:15 p.m. | 42 views

CVE-2020-8173

A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended.

CVSS 3.5 | AI score 4.5 | EPSS 0.00276

added 2020/11/02 9:15 p.m. | 42 views

CVE-2020-8236

A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it.

CVSS 6.8 | AI score 6.6 | EPSS 0.00234

added 2023/04/03 5:15 p.m. | 42 views

CVE-2023-28834

Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as Nextcloud Enterprise Server 23.0.0 until 23.0.11, 24.0.0 until 24.0.6, and 25.0.0 until 25.0.4, have an information disclosure vulnerability. A user was able to get the...

CVSS 4.3 | AI score 4 | EPSS 0.00785

added 2017/03/28 2:59 a.m. | 41 views

CVE-2016-9461

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to pu...

CVSS 4.3 | AI score 4.6 | EPSS 0.0076

added 2017/03/28 2:59 a.m. | 41 views

CVE-2016-9462

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only access was able to restor...

CVSS 4.3 | AI score 4.8 | EPSS 0.00455

added 2017/03/28 2:59 a.m. | 41 views

CVE-2016-9468

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information.

CVSS 5.3 | AI score 5.4 | EPSS 0.00301

added 2018/10/30 9:29 p.m. | 41 views

CVE-2018-16465

Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the provider of the second factor failed to load.

CVSS 5.3 | AI score 5.1 | EPSS 0.00149

added 2023/02/25 12:15 a.m. | 41 views

CVE-2023-25816

Nextcloud is an Open Source private cloud software. Versions 25.0.0 and above, prior to 25.0.3, are subject to Uncontrolled Resource Consumption. A user can configure a very long password, consuming more resources on password validation than desired. This issue is patched in 25.0.3. No workaround is...

CVSS 6.5 | AI score 5.2 | EPSS 0.00136

added 2020/11/09 3:15 p.m. | 40 views

CVE-2020-8133

A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file.

CVSS 5.3 | AI score 5.1 | EPSS 0.00169

added 2021/03/03 6:15 p.m. | 40 views

CVE-2020-8296

Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured.

CVSS 6.7 | AI score 6.5 | EPSS 0.00245

added 2018/10/30 9:29 p.m. | 35 views

CVE-2018-16464

A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password.

CVSS 5.7 | AI score 5.5 | EPSS 0.00222

Total number of security vulnerabilities: 169