Product:

Nextcloud_server

(Nextcloud)
Date Id Summary Products Score Patch Annotated
2020-02-04 CVE-2020-8117 Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event. Nextcloud_server 4.3
2020-02-04 CVE-2020-8118 An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application. Nextcloud_server, Suse_linux_enterprise_server, Backports_sle 5.0
2020-02-04 CVE-2020-8119 Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app. Nextcloud_server 4.3
2020-02-04 CVE-2020-8120 A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation. Nextcloud_server 6.1
2020-02-04 CVE-2020-8121 A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer. Nextcloud_server 8.1
2020-02-04 CVE-2020-8122 A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of a share they received. Nextcloud_server 4.3
2020-03-20 CVE-2020-8138 A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL. Nextcloud_server 6.5
2020-03-20 CVE-2020-8139 A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL. Fedora, Nextcloud_server 6.5
2020-05-12 CVE-2020-8154 An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint. Nextcloud_server 7.7
2020-05-12 CVE-2020-8155 An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF. Nextcloud_server 5.4