Nextcloud Server Security Vulnerabilities and Issues — Nextcloud Server CVE List

Lucene search

NextcloudNextcloud Server

8 matches found

CVE•added 2021/07/12 2:15 p.m.•140 views

CVE-2021-32680

Nextcloud Server is a Nextcloud package that handles data storage. In versions priot to 19.0.13, 20.0.11, and 21.0.3, Nextcloud Server audit logging functionality wasn't properly logging events for the unsetting of a share expiration date. This event is supposed to be logged. This issue is patched ...

3.3CVSS4.8AI score0.00148EPSS

CVE•added 2024/01/18 8:15 p.m.•81 views

CVE-2024-22403

Nextcloud server is a self hosted personal cloud system. In affected versions OAuth codes did not expire. When an attacker would get access to an authorization code they could authenticate at any time using the code. As of version 28.0.0 OAuth codes are invalidated after 10 minutes and will no long...

3.7CVSS4.1AI score0.00261EPSS

CVE•added 2021/06/01 9:15 p.m.•67 views

CVE-2021-32655

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to convert a Files Drop link to a federated share. This causes an issue on the UI side of the sharing user. When the sharing user opens the sharing panel and tri...

3.5CVSS4AI score0.00307EPSS

CVE•added 2024/06/14 4:15 p.m.•59 views

CVE-2024-37887

Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or ...

3.5CVSS3.6AI score0.00057EPSS

CVE•added 2017/05/08 8:29 p.m.•57 views

CVE-2017-0895

Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been disclosed.

3.5CVSS3.9AI score0.00126EPSS

CVE•added 2024/06/14 3:15 p.m.•47 views

CVE-2024-37314

Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2.

3.5CVSS3.8AI score0.00069EPSS

CVE•added 2018/10/30 9:29 p.m.•43 views

CVE-2018-16463

A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares.

3.6CVSS3.9AI score0.00132EPSS

CVE•added 2020/11/02 9:15 p.m.•42 views

CVE-2020-8173

A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended.

3.5CVSS4.5AI score0.00276EPSS