Server Security Vulnerabilities and Issues — Server CVE List

Lucene search

NextcloudServer

5 matches found

CVE•added 2020/02/04 8:15 p.m.•137 views

CVE-2019-15613

A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes.

8CVSS7.6AI score0.00264EPSS

CVE•added 2021/10/25 10:15 p.m.•68 views

CVE-2021-41178

Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, a file traversal vulnerability makes an attacker able to download arbitrary SVG images from the host system, including user provided files. This could also be leveraged into a XSS/phishing...

8.8CVSS6.7AI score0.00226EPSS

CVE•added 2020/02/04 8:15 p.m.•63 views

CVE-2020-8121

A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer.

8.1CVSS7.9AI score0.00437EPSS

CVE•added 2020/11/16 1:15 a.m.•59 views

CVE-2020-8259

Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys.

8.1CVSS7.9AI score0.00205EPSS

CVE•added 2018/10/30 9:29 p.m.•43 views

CVE-2018-16466

Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by acess tokens.

8.1CVSS7.9AI score0.00126EPSS