Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nextcloud vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2020-8183
A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call.
Nextcloud Nextcloud Server
5.5
CVSSv2
CVE-2020-8259
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an malicious user to replace the encryption keys.
Nextcloud Nextcloud Server
3.5
CVSSv2
CVE-2020-8294
A missing link validation in Nextcloud Server prior to 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Internet Explorer when saving a 'javascript:' URL in markdown format.
Nextcloud Nextcloud Server
5
CVSSv2
CVE-2020-8295
A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a user.
Nextcloud Nextcloud Server
4
CVSSv2
CVE-2017-0886
Nextcloud Server prior to 9.0.55 and 10.0.2 suffers from a Denial of Service attack. Due to an error in the application logic an authenticated adversary may trigger an endless recursion in the application leading to a potential Denial of Service.
Nextcloud Nextcloud Server
4.3
CVSSv2
CVE-2017-0892
Nextcloud Server prior to 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file.
Nextcloud Nextcloud Server
4.3
CVSSv2
CVE-2017-0894
Nextcloud Server prior to 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.
Nextcloud Nextcloud Server
4
CVSSv2
CVE-2017-0885
Nextcloud Server prior to 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share. Due to an error in the application logic an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing...
Nextcloud Nextcloud Server
3.2
CVSSv2
CVE-2019-15612
A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the password of the user is reset.
Nextcloud Nextcloud Server
4
CVSSv2
CVE-2019-15616
Dangling remote share attempts in Nextcloud 16 allow a DNS pollution when running long.
Nextcloud Nextcloud Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »