Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nextcloud deck vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-22472
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary body given they click on a malicious deep link on a Windows computer. (e.g. in a...
Nextcloud Desktop 3.6.1
8.1
CVSSv3
CVE-2021-39225
Nextcloud is an open-source, self-hosted productivity platform. A missing permission check in Nextcloud Deck prior to 1.2.9, 1.4.5 and 1.5.3 allows another authenticated users to access Deck cards of another user. It is recommended that the Nextcloud Deck App is upgraded to 1.2.9...
Nextcloud Deck
8
CVSSv3
CVE-2020-8182
Improper access control in Nextcloud Deck 0.8.0 allowed an malicious user to reshare boards shared with them with more permissions than they had themselves.
Nextcloud Deck 0.8.0
6.5
CVSSv3
CVE-2023-22470
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A database error can be generated potentially causing a DoS when performed multiple times. There are currently no known workarounds. It is r...
Nextcloud Deck
6.5
CVSSv3
CVE-2021-37631
Deck is an open source kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions the Deck application didn't properly check membership of users in a Circle. This allowed other users in the ins...
Nextcloud Deck
6.5
CVSSv3
CVE-2021-22913
Nextcloud Deck prior to 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user.
Nextcloud Deck
6.1
CVSSv3
CVE-2022-24887
Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sharing a Deck card in conversation, the metaData can be manipulated so users can be tricked into opening arbitrary URLs. Th...
Nextcloud Talk
Nextcloud Talk 13.0.0
5.4
CVSSv3
CVE-2024-22213
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious code that would execute in their browser via HTML sent as a comment. It is recomm...
Nextcloud Deck
4.8
CVSSv3
CVE-2019-15619
Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project.
Nextcloud Deck
Nextcloud Nextcloud Server
Nextcloud Talk
4.3
CVSSv3
CVE-2023-22471
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Broken access control allows a user to delete attachments of other users. There are currently no known workarounds. It is recommended that the Nextclo...
Nextcloud Deck
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »