Filtered by vendor Nextcloud
Subscriptions
Total
317 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8179 | 1 Nextcloud | 1 Deck | 2024-11-21 | 4.1 Medium |
| Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users decks. | ||||
| CVE-2020-8173 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 2.2 Low |
| A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended. | ||||
| CVE-2020-8156 | 2 Fedoraproject, Nextcloud | 2 Fedora, Mail | 2024-11-21 | 7.0 High |
| A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack. | ||||
| CVE-2020-8155 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 5.4 Medium |
| An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF. | ||||
| CVE-2020-8154 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 7.7 High |
| An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint. | ||||
| CVE-2020-8153 | 2 Fedoraproject, Nextcloud | 2 Fedora, Group Folders | 2024-11-21 | 8.1 High |
| Improper access control in Groupfolders app 4.0.3 allowed to delete hidden directories when when renaming an accessible item to the same name. | ||||
| CVE-2020-8152 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.4 Medium |
| Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on. | ||||
| CVE-2020-8150 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.1 Medium |
| A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files. | ||||
| CVE-2020-8140 | 2 Apple, Nextcloud | 2 Macos, Desktop | 2024-11-21 | 6.7 Medium |
| A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment. | ||||
| CVE-2020-8139 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Server | 2024-11-21 | 6.5 Medium |
| A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL. | ||||
| CVE-2020-8138 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 6.5 Medium |
| A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL. | ||||
| CVE-2020-8133 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 5.3 Medium |
| A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file. | ||||
| CVE-2020-8122 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.3 Medium |
| A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of a share they received. | ||||
| CVE-2020-8121 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 8.1 High |
| A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer. | ||||
| CVE-2020-8120 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 6.1 Medium |
| A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation. | ||||
| CVE-2020-8119 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.3 Medium |
| Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app. | ||||
| CVE-2020-8118 | 3 Nextcloud, Novell, Opensuse | 3 Nextcloud Server, Suse Linux Enterprise Server, Backports Sle | 2024-11-21 | 5.0 Medium |
| An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application. | ||||
| CVE-2020-8117 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.3 Medium |
| Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event. | ||||
| CVE-2019-5476 | 1 Nextcloud | 1 Lookup-server | 2024-11-21 | 9.8 Critical |
| An SQL Injection in the Nextcloud Lookup-Server < v0.3.0 (running on https://lookup.nextcloud.com) caused unauthenticated users to be able to execute arbitrary SQL commands. | ||||
| CVE-2019-5455 | 1 Nextcloud | 1 Nextcloud | 2024-11-21 | 6.8 Medium |
| Bypassing lock protection exists in Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process. | ||||