4 matches found
CVE-2019-15613
CVE-2019-15613 affects Nextcloud Server 17.0.1, where a bug causes workflow rules to depend on the file extension when checking MIME types. This can impact all three security properties (confidentiality, integrity, availability) per CVSS metrics (NVD: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H; base sco...
CVE-2020-8119
CVE-2020-8119 affects Nextcloud Server 17.0.0 and is described as improper authorization that leaks previews and files when a file-drop share link is opened via the gallery app. The connected updates show this vulnerability being addressed in Nextcloud-related security updates (e.g., openSUSE/SUS...
CVE-2020-8139
CVE-2020-8139 affects Nextcloud Server versions older than 18.0.1, 17.0.4 and 16.0.9, where a missing access control check allows hide-download shares to be downloaded when the URL is appended with /download. Connected documents confirm this is a remote access control vulnerability with potential...
CVE-2020-8138
CVE-2020-8138: Nextcloud Server is vulnerable to a Server-Side Request Forgery (SSRF) when subscribing to a malicious calendar URL due to a missing check for IPv4 nested inside IPv6. Affected versions are Nextcloud Server < 17.0.1, < 16.0.7, and