Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nextcloud nextcloud server vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv2
CVE-2017-0883
Nextcloud Server prior to 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an ma...
Nextcloud Nextcloud Server
Nextcloud Nextcloud Server 10.0.2
5
CVSSv2
CVE-2022-24888
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects fi...
Nextcloud Nextcloud Server
5
CVSSv2
CVE-2021-41239
Nextcloud server is a self hosted system designed to provide cloud style services. In affected versions the User Status API did not consider the user enumeration settings by the administrator. This allowed a user to enumerate other users on the instance, even when user listings w...
Nextcloud Nextcloud Server
Nextcloud Nextcloud Server 22.2.0
5
CVSSv2
CVE-2021-32766
Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. In affected versions the Nextcloud Text application returned different error messages depending on whether a folder existed in a public link share. This is problematic in case th...
Nextcloud Nextcloud Server
5
CVSSv2
CVE-2021-32734
Nextcloud Server is a Nextcloud package that handles data storage. In versions before 19.0.13, 20.011, and 21.0.3, the Nextcloud Text application shipped with Nextcloud Server returned verbatim exception messages to the user. This could result in a full path disclosure on shared ...
Nextcloud Nextcloud Server
5
CVSSv2
CVE-2021-32741
Nextcloud Server is a Nextcloud package that handles data storage. In versions before 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public share link mount endpoint. This may have allowed an malicious user to enumerate potentially valid share tokens. The is...
Nextcloud Nextcloud Server
5
CVSSv2
CVE-2021-32725
Nextcloud Server is a Nextcloud package that handles data storage. In versions before 19.0.13, 20.011, and 21.0.3, default share permissions were not being respected for federated reshares of files and folders. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There a...
Nextcloud Nextcloud Server
5
CVSSv2
CVE-2021-32705
Nextcloud Server is a Nextcloud package that handles data storage. In versions before 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public DAV endpoint. This may have allowed an malicious user to enumerate potentially valid share tokens or credentials. The ...
Nextcloud Nextcloud Server
Fedoraproject Fedora 33
Fedoraproject Fedora 34
5
CVSSv2
CVE-2021-32703
Nextcloud Server is a Nextcloud package that handles data storage. In versions before 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the shareinfo endpoint. This may have allowed an malicious user to enumerate potentially valid share tokens. The issue was fixed ...
Nextcloud Nextcloud Server
Fedoraproject Fedora 33
Fedoraproject Fedora 34
5
CVSSv2
CVE-2021-32678
Nextcloud Server is a Nextcloud package that handles data storage. In versions before 19.0.13, 20.0.11, and 21.0.3, ratelimits are not applied to OCS API responses. This affects any OCS API controller (`OCSController`) using the `@BruteForceProtection` annotation. Risk depends on...
Nextcloud Nextcloud Server
Fedoraproject Fedora 33
Fedoraproject Fedora 34
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »