Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Nextcloud_server
(Nextcloud)| Repositories |
• https://github.com/nextcloud/server
• https://github.com/nextcloud/gallery • https://github.com/nextcloud/apps |
| #Vulnerabilities | 159 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-07-12 | CVE-2021-32705 | Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public DAV endpoint. This may have allowed an attacker to enumerate potentially valid share tokens or credentials. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds. | Fedora, Nextcloud_server | 7.5 | ||
| 2022-11-25 | CVE-2022-39346 | Nextcloud server is an open source personal cloud server. Affected versions of nextcloud server did not properly limit user display names which could allow a malicious users to overload the backing database and cause a denial of service. It is recommended that the Nextcloud Server is upgraded to 22.2.10, 23.0.7 or 24.0.3. There are no known workarounds for this issue. | Fedora, Nextcloud_enterprise_server, Nextcloud_server | 6.5 | ||
| 2023-02-13 | CVE-2023-25159 | Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Office is a document collaboration app for the same platform. Nextcloud Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, Nextcloud Enterprise Server 24.0.x prior to 24.0.8 and 25.0.x prior to 25.0.1, and Nextcloud Office (Richdocuments) App 6.x prior to 6.3.1 and 7.x prior to 7.0.1 have previews accessible without a watermark. The download should be hidden and the watermark... | Nextcloud_server, Richdocuments | 5.3 | ||
| 2023-02-25 | CVE-2023-25816 | Nextcloud is an Open Source private cloud software. Versions 25.0.0 and above, prior to 25.0.3, are subject to Uncontrolled Resource Consumption. A user can configure a very long password, consuming more resources on password validation than desired. This issue is patched in 25.0.3 No workaround is available. | Nextcloud_server | 6.5 | ||
| 2023-02-25 | CVE-2023-25821 | Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions 24.0.7 and 25.0.1. No workaround is available. | Nextcloud_server | 7.5 | ||
| 2023-03-30 | CVE-2023-28644 | Nextcloud server is an open source home cloud implementation. In releases of the 25.0.x branch before 25.0.3 an inefficient fetch operation may impact server performances and/or can lead to a denial of service. This issue has been addressed and it is recommended that the Nextcloud Server is upgraded to 25.0.3. There are no known workarounds for this vulnerability. | Nextcloud_server | 7.5 | ||
| 2023-10-16 | CVE-2023-45148 | Nextcloud is an open source home cloud server. When Memcached is used as `memcache.distributed` the rate limiting in Nextcloud Server could be reset unexpectedly resetting the rate count earlier than intended. Users are advised to upgrade to versions 25.0.11, 26.0.6 or 27.1.0. Users unable to upgrade should change their config setting `memcache.distributed` to `\OC\Memcache\Redis` and install Redis instead of Memcached. | Nextcloud_server | 4.3 | ||
| 2023-10-16 | CVE-2023-45151 | Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially elevate their privilege. This issue has been addressed and users are recommended to upgrade their Nextcloud Server to version 25.0.8, 26.0.3 or 27.0.1. There are no known workarounds for this vulnerability. | Nextcloud_server | 8.8 | ||
| 2023-10-13 | CVE-2023-39960 | Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server starting with 25.0.0 and prior to 25.09 and 26.04; as well as Nextcloud Enterprise Server starting with 22.0.0 and prior to 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4; missing protection allows an attacker to brute force passwords on the WebDAV API. Nextcloud Server 25.0.9 and 26.0.4 and Nextcloud Enterprise Server 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4 contain... | Nextcloud_server | 7.5 | ||
| 2023-08-10 | CVE-2023-39952 | Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions 22.2.10.13, 23.0.12.8, 24.0.12.4, 25.0.8, 26.0.3, and 27.0.1, a user can access files inside a subfolder of a groupfolder accessible to them, even if advanced permissions would block access to the subfolder. Nextcloud Server versions 25.0.8, 26.0.3, and 27.0.1 and Nextcloud Enterprise Server versions 22.2.10.13, 23.0.12.8, 24.0.12.4, 25.0.8, 26.0.3, and 27.0.1... | Nextcloud_server | 6.5 |