Note: This project will be discontinued after December 13, 2021.
Product: Nextcloud_server (Nextcloud)
Repositories:
• https://github.com/nextcloud/server
• https://github.com/nextcloud/gallery
• https://github.com/nextcloud/apps
#Vulnerabilities: 165

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2018-07-05 | CVE-2018-3761 | Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper authentication on the OAuth2 token endpoint. Missing checks potentially allowed handing out new tokens in case the OAuth2 client was partly compromised. | Nextcloud_server | 8.1 | ||
2018-07-05 | CVE-2018-3762 | Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks of dropped permissions for incoming shares allowing a user to still request previews for files it should not have access to. | Nextcloud_server | 4.3 | ||
2018-08-12 | CVE-2018-3776 | Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log. | Nextcloud_server | 5.3 | ||
2018-08-12 | CVE-2018-3775 | Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication. | Nextcloud_server | 8.8 | ||
2017-04-05 | CVE-2017-0888 | Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information. | Nextcloud, Nextcloud_server | 4.3 | ||
2017-04-05 | CVE-2017-0884 | Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that this only affects folders and files that the adversary has at least read-only permissions for. | Nextcloud_server | 4.3 | ||
2017-04-05 | CVE-2017-0885 | Nextcloud Server before 9.0.55 and 10.0.2 suffers from an error message disclosing existence of file in write-only share. Due to an error in the application logic an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing the exception messages. | Nextcloud_server | 4.3 | ||
2017-04-05 | CVE-2017-0886 | Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack. Due to an error in the application logic an authenticated adversary may trigger an endless recursion in the application leading to a potential Denial of Service. | Nextcloud_server | 6.5 | ||
2017-04-05 | CVE-2017-0887 | Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header an authenticated adversary may be able to exceed their configured user quota, thus using more space than allowed by the administrator. | Nextcloud_server | 4.3 | ||
2017-05-08 | CVE-2017-0890 | Nextcloud Server before 11.0.3 is vulnerable to inadequate escaping leading to an XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue. | Nextcloud_server | 5.4 |