Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nextcloud server vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-35172
NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10...
Nextcloud Nextcloud Server
4
CVSSv2
CVE-2018-3762
Nextcloud Server prior to 12.0.8 and 13.0.3 suffers from improper checks of dropped permissions for incoming shares allowing a user to still request previews for files it should not have access to.
Nextcloud Nextcloud Server
4
CVSSv2
CVE-2020-8119
Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app.
Nextcloud Nextcloud Server
5.5
CVSSv2
CVE-2020-8121
A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer.
Nextcloud Nextcloud Server
2.1
CVSSv2
CVE-2020-8152
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an malicious user to replace the public key to decrypt them later on.
Nextcloud Nextcloud Server
2 Github repositories
3.5
CVSSv2
CVE-2020-8155
An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF.
Nextcloud Nextcloud Server
5
CVSSv2
CVE-2020-8183
A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call.
Nextcloud Nextcloud Server
4.6
CVSSv2
CVE-2020-8236
A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it.
Nextcloud Nextcloud Server
5.5
CVSSv2
CVE-2020-8259
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an malicious user to replace the encryption keys.
Nextcloud Nextcloud Server
4
CVSSv2
CVE-2020-8293
A missing input validation in Nextcloud Server prior to 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules.
Nextcloud Nextcloud Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »