Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nextcloud nextcloud server vulnerabilities and exploits
(subscribe to this query)
4.1
CVSSv3
CVE-2020-8150
A cryptographic issue in Nextcloud Server 19.0.1 allowed an malicious user to downgrade the encryption scheme and break the integrity of encrypted files.
Nextcloud Nextcloud Server
2 Github repositories
7.7
CVSSv3
CVE-2020-8154
An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an malicious user to remote wipe devices of other users when sending a malicious request directly to the endpoint.
Nextcloud Nextcloud Server
2.2
CVSSv3
CVE-2020-8173
A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended.
Nextcloud Nextcloud Server
7.5
CVSSv3
CVE-2023-39960
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server starting with 25.0.0 and before 25.09 and 26.04; as well as Nextcloud Enterprise Server starting with 22.0.0 and before 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4; m...
Nextcloud Nextcloud Server
4.3
CVSSv3
CVE-2017-0884
Nextcloud Server prior to 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that thi...
Nextcloud Nextcloud Server
4.3
CVSSv3
CVE-2017-0885
Nextcloud Server prior to 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share. Due to an error in the application logic an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing...
Nextcloud Nextcloud Server
6.5
CVSSv3
CVE-2017-0886
Nextcloud Server prior to 9.0.55 and 10.0.2 suffers from a Denial of Service attack. Due to an error in the application logic an authenticated adversary may trigger an endless recursion in the application leading to a potential Denial of Service.
Nextcloud Nextcloud Server
4.3
CVSSv3
CVE-2017-0887
Nextcloud Server prior to 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header an authenticated adversary may be able to exceed their configured user quota. Thus using more space than ...
Nextcloud Nextcloud Server
5.4
CVSSv3
CVE-2017-0890
Nextcloud Server prior to 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.
Nextcloud Nextcloud Server
5.4
CVSSv3
CVE-2017-0891
Nextcloud Server prior to 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components.
Nextcloud Nextcloud Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »