Nextcloud / Nextcloud Server

20 matches found

added 2022/03/08 6:15 p.m. | 102 views

CVE-2021-41239

Nextcloud server is a self hosted system designed to provide cloud style services. In affected versions the User Status API did not consider the user enumeration settings by the administrator. This allowed a user to enumerate other users on the instance, even when user listings were disabled. It i...

CVSS 5.3 | AI score 5.3 | EPSS 0.00134

added 2022/03/08 7:15 p.m. | 92 views

CVE-2021-41241

Nextcloud server is a self hosted system designed to provide cloud style services. The groupfolders application for Nextcloud allows sharing a folder with a group of people. In addition, it allows setting "advanced permissions" on subfolders, for example, a user could be granted access to the group...

CVSS 4.3 | AI score 4.8 | EPSS 0.00087

added 2022/03/09 10:15 p.m. | 88 views

CVE-2022-24741

Nextcloud server is an open source, self hosted cloud style services platform. In affected versions an attacker can cause a denial of service by uploading specially crafted files which will cause the server to allocate too much memory / CPU. It is recommended that the Nextcloud Server is upgraded t...

CVSS 6.5 | AI score 5.1 | EPSS 0.00136

added 2022/08/04 5:15 p.m. | 85 views

CVE-2022-31118

Nextcloud server is an open source personal cloud solution. In affected versions an attacker could brute force to find if federated sharing is being used and potentially try to brute force access tokens for federated shares (a-zA-Z0-9 ^ 15). It is recommended that the Nextcloud Server is upgraded t...

CVSS 6.5 | AI score 4.5 | EPSS 0.00094

added 2022/03/10 9:15 p.m. | 82 views

CVE-2021-41233

Nextcloud Text is a collaborative document editor using Markdown, built for the Nextcloud server. Due to an issue with the Nextcloud Text application, which is by default shipped with Nextcloud Server, an attacker is able to access the folder names of "File Drop". For successful exploitation an att...

CVSS 6.5 | AI score 5.3 | EPSS 0.00178

added 2022/04/27 3:15 p.m. | 80 views

CVE-2022-24889

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and 23.0.1, it is possible to trick administrators into enabling "recommended" apps for the Nextcloud server that they do not need, thus expanding their attack surface ...

CVSS 4.3 | AI score 4.2 | EPSS 0.00091

added 2022/12/01 9:15 p.m. | 77 views

CVE-2022-41969

Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator can cause a limited DoS attack against their own server. Versions 23.0.11, 24.0.7, and 25.0.0 contain...

CVSS 2.7 | AI score 3.5 | EPSS 0.00046

added 2022/04/27 3:15 p.m. | 73 views

CVE-2022-24888

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects files and folders tha...

CVSS 5 | AI score 4.8 | EPSS 0.00144

added 2022/05/31 5:15 p.m. | 72 views

CVE-2022-29243

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.7 and 23.0.4, missing input-size validation of new session names allows users to create app passwords with long names. These long names are then loaded into memory on usage, resul...

CVSS 4.3 | AI score 4.8 | EPSS 0.00119

added 2022/08/04 5:15 p.m. | 69 views

CVE-2022-31120

Nextcloud server is an open source personal cloud solution. The audit log, which is used to get a full trail of actions, has been incompletely populated. In affected versions federated share events were not properly logged which would allow brute force attacks to go unnoticed. This behavior exace...

CVSS 2.7 | AI score 4.5 | EPSS 0.00378

added 2022/11/25 7:15 p.m. | 68 views

CVE-2022-39346

Nextcloud server is an open source personal cloud server. Affected versions of Nextcloud server did not properly limit user display names which could allow a malicious user to overload the backing database and cause a denial of service. It is recommended that the Nextcloud Server is upgraded to 22...

CVSS 6.5 | AI score 4.9 | EPSS 0.00185

added 2022/09/16 11:15 p.m. | 67 views

CVE-2022-39211

Nextcloud server is an open source personal cloud platform. In affected versions it was found that locally running webservices can be found and requested erroneously. It is recommended that the Nextcloud Server is upgraded to 23.0.8 or 24.0.4. It is recommended that the Nextcloud Enterprise Server ...

CVSS 5.3 | AI score 4.5 | EPSS 0.00104

added 2022/05/20 4:15 p.m. | 64 views

CVE-2022-29163

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.6 and 23.0.3, a user can create a link that is not password protected even if the administrator requires links to be password protected. Versions 22.2.6 and 23.0.3 contain a patch...

CVSS 4.3 | AI score 4.2 | EPSS 0.00433

added 2022/09/15 10:15 p.m. | 62 views

CVE-2022-36074

Nextcloud server is an open source personal cloud product. Affected versions of this package are vulnerable to Information Exposure which fails to strip the Authorization header on HTTP downgrade. This can lead to account access exposure and compromise. It is recommended that the Nextcloud Server i...

CVSS 7.5 | AI score 6.8 | EPSS 0.00211

added 2022/12/01 9:15 p.m. | 62 views

CVE-2022-41970

Nextcloud Server is an open source personal cloud server. Prior to versions 24.0.7 and 25.0.1, disabled download shares still allow download through preview images. Images could be downloaded and previews of documents (first page) can be downloaded without being watermarked. Versions 24.0.7 and 25....

CVSS 5.3 | AI score 4.4 | EPSS 0.00096

added 2022/10/27 2:15 p.m. | 59 views

CVE-2022-39329

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 23.0.9 and 24.0.5 are vulnerable to exposure of information that cannot be controlled by administrators without direct database access....

CVSS 5.3 | AI score 4.4 | EPSS 0.00163

added 2022/10/27 3:15 p.m. | 53 views

CVE-2022-39364

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server prior to versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server prior to versions 22.2.10.5, 23.0.9, and 24.0.5 an attacker reading nextcloud.log may gain knowledge of credential...

CVSS 6.5 | AI score 5.3 | EPSS 0.00093

added 2022/12/01 9:15 p.m. | 53 views

CVE-2022-41968

Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.10 and 24.0.5, calendar name lengths are not validated before writing to a database. As a result, an attacker can send unnecessary amounts of data against the database. Versions 23.0.10 and 24.0.5 contain patches for th...

CVSS 5.3 | AI score 4.5 | EPSS 0.00071

added 2022/10/27 2:15 p.m. | 51 views

CVE-2022-39330

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server prior to versions 23.0.10 and 24.0.6 and Nextcloud Enterprise Server prior to versions 22.2.10, 23.0.10, and 24.0.6 are vulnerable to a logged-in attacker slowing down the system by gen...

CVSS 4.8 | AI score 4.5 | EPSS 0.00094

added 2022/07/05 6:15 p.m. | 48 views

CVE-2022-31014

Nextcloud server is an open source personal cloud server. Affected versions were found to be vulnerable to SMTP command injection. The impact varies based on which commands are supported by the backend SMTP server. However, the main risk here is that the attacker can then hijack an already-authenti...

CVSS 5.4 | AI score 4.8 | EPSS 0.00972