Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Nextcloud_server
(Nextcloud)| Repositories |
• https://github.com/nextcloud/server
• https://github.com/nextcloud/gallery • https://github.com/nextcloud/apps |
| #Vulnerabilities | 159 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-05-08 | CVE-2017-0894 | Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token. | Nextcloud_server | 4.3 | ||
| 2020-11-02 | CVE-2020-8173 | A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended. | Nextcloud_server | 2.2 | ||
| 2020-11-02 | CVE-2020-8183 | A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call. | Nextcloud_server | 7.5 | ||
| 2020-11-02 | CVE-2020-8236 | A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it. | Nextcloud_server | 6.8 | ||
| 2020-11-16 | CVE-2020-8152 | Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on. | Nextcloud_server | 4.4 | ||
| 2020-11-16 | CVE-2020-8259 | Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys. | Nextcloud_server | 8.1 | ||
| 2021-01-26 | CVE-2020-8293 | A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules. | Nextcloud_server | 6.5 | ||
| 2021-09-07 | CVE-2021-32766 | Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. In affected versions the Nextcloud Text application returned different error messages depending on whether a folder existed in a public link share. This is problematic in case the public link share has been created with "Upload Only" privileges. (aka "File Drop"). A link share recipient is not expected to see which folders or files exist in a "File Drop" share. Using this vulnerability an... | Nextcloud_server | 5.3 | ||
| 2021-09-07 | CVE-2021-32800 | Nextcloud server is an open source, self hosted personal cloud. In affected versions an attacker is able to bypass Two Factor Authentication in Nextcloud. Thus knowledge of a password, or access to a WebAuthN trusted device of a user was sufficient to gain access to an account. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. There are no workaround for this vulnerability. | Nextcloud_server | 8.1 | ||
| 2021-09-07 | CVE-2021-32801 | Nextcloud server is an open source, self hosted personal cloud. In affected versions logging of exceptions may have resulted in logging potentially sensitive key material for the Nextcloud Encryption-at-Rest functionality. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. If upgrading is not an option users are advised to disable system logging to resolve this issue until such time that an upgrade can be performed Note that ff you do not use the... | Nextcloud_server | 5.5 |