Nextcloud Server Security Vulnerabilities and Issues — Nextcloud Server CVE List

Lucene search

NextcloudNextcloud Server

9 matches found

CVE•added 2017/03/28 2:59 a.m.•58 views

CVE-2016-9459

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment dispos...

6.1CVSS5.8AI score0.00494EPSS

CVE•added 2017/03/28 2:59 a.m.•50 views

CVE-2016-9463

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows authenticating users against an SMB server. This backend ...

8.1CVSS8.2AI score0.03864EPSS

CVE•added 2017/03/28 2:59 a.m.•48 views

CVE-2016-9467

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display ...

5.3CVSS5.8AI score0.01045EPSS

CVE•added 2017/03/28 2:59 a.m.•47 views

CVE-2016-9464

Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on removing shares. The Sharing Backend as implemented in Nextcloud does differentiate between shares to users and groups. In case of a received group share, users should be able to unshare the file to themselves...

4.3CVSS4.3AI score0.00292EPSS

CVE•added 2017/03/28 2:59 a.m.•45 views

CVE-2016-9466

Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The gallery app was not properly sanitizing exception messages from the Nextcloud/ownCloud server. Due to an endpoint where an attacker could influence the error message, th...

6.1CVSS5.8AI score0.00458EPSS

CVE•added 2017/03/28 2:59 a.m.•42 views

CVE-2016-9465

Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification on ...

5.4CVSS5.2AI score0.00497EPSS

CVE•added 2017/03/28 2:59 a.m.•41 views

CVE-2016-9461

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to pu...

4.3CVSS4.6AI score0.0076EPSS

CVE•added 2017/03/28 2:59 a.m.•41 views

CVE-2016-9462

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only access was able to restor...

4.3CVSS4.8AI score0.00455EPSS

CVE•added 2017/03/28 2:59 a.m.•41 views

CVE-2016-9468

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information.

5.3CVSS5.4AI score0.00301EPSS