Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Nextcloud_server
(Nextcloud)| Repositories |
• https://github.com/nextcloud/server
• https://github.com/nextcloud/gallery • https://github.com/nextcloud/apps |
| #Vulnerabilities | 165 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-05-12 | CVE-2020-8154 | An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint. | Nextcloud_server | 7.7 | ||
| 2020-05-12 | CVE-2020-8155 | An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF. | Nextcloud_server | 5.4 | ||
| 2020-10-05 | CVE-2020-8223 | A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves. | Fedora, Nextcloud_server | 6.5 | ||
| 2020-11-02 | CVE-2020-8173 | A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended. | Nextcloud_server | 2.2 | ||
| 2020-11-02 | CVE-2020-8183 | A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call. | Nextcloud_server | 7.5 | ||
| 2020-11-02 | CVE-2020-8236 | A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it. | Nextcloud_server | 6.8 | ||
| 2020-11-09 | CVE-2020-8133 | A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file. | Nextcloud_server | 5.3 | ||
| 2020-11-09 | CVE-2020-8150 | A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files. | Nextcloud_server | 4.1 | ||
| 2020-11-16 | CVE-2020-8152 | Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on. | Nextcloud_server | 4.4 | ||
| 2020-11-16 | CVE-2020-8259 | Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys. | Nextcloud_server | 8.1 |