Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nextcloud server vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2020-8154
An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an malicious user to remote wipe devices of other users when sending a malicious request directly to the endpoint.
Nextcloud Nextcloud Server
3.5
CVSSv2
CVE-2020-8173
A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended.
Nextcloud Nextcloud Server
NA
CVE-2023-39960
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server starting with 25.0.0 and before 25.09 and 26.04; as well as Nextcloud Enterprise Server starting with 22.0.0 and before 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4; m...
Nextcloud Nextcloud Server
4
CVSSv2
CVE-2017-0884
Nextcloud Server prior to 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that thi...
Nextcloud Nextcloud Server
4
CVSSv2
CVE-2017-0885
Nextcloud Server prior to 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share. Due to an error in the application logic an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing...
Nextcloud Nextcloud Server
4
CVSSv2
CVE-2017-0886
Nextcloud Server prior to 9.0.55 and 10.0.2 suffers from a Denial of Service attack. Due to an error in the application logic an authenticated adversary may trigger an endless recursion in the application leading to a potential Denial of Service.
Nextcloud Nextcloud Server
4
CVSSv2
CVE-2017-0887
Nextcloud Server prior to 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header an authenticated adversary may be able to exceed their configured user quota. Thus using more space than ...
Nextcloud Nextcloud Server
3.5
CVSSv2
CVE-2017-0890
Nextcloud Server prior to 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.
Nextcloud Nextcloud Server
3.5
CVSSv2
CVE-2017-0891
Nextcloud Server prior to 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components.
Nextcloud Nextcloud Server
4.3
CVSSv2
CVE-2017-0892
Nextcloud Server prior to 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file.
Nextcloud Nextcloud Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »