Note: This project will be discontinued after December 13, 2021.
Product: Nextcloud_server (Nextcloud)
Repositories:
• https://github.com/nextcloud/server
• https://github.com/nextcloud/gallery
• https://github.com/nextcloud/apps
#Vulnerabilities: 165

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2024-11-15 | CVE-2024-52521 | Nextcloud Server is a self hosted personal cloud system. MD5 hashes were used to check background jobs for their uniqueness. This increased the chances of a background job with arguments falsely being identified as already existing and not being queued for execution. By changing the hash to SHA256 the probability was heavily decreased. It is recommended that the Nextcloud Server is upgraded to 28.0.10, 29.0.7 or 30.0.0. | Nextcloud_server | 5.3 | ||
2024-11-15 | CVE-2024-52525 | Nextcloud Server is a self hosted personal cloud system. Under certain conditions the password of a user was stored unencrypted in the session data. The session data is encrypted before being saved in the session storage (Redis or disk), but it would allow a malicious process that gains access to the memory of the PHP process, to get access to the cleartext password of the user. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2. | Nextcloud_server | 7.5 | ||
2024-11-15 | CVE-2024-52516 | Nextcloud Server is a self hosted personal cloud system. When a server is configured to only allow sharing with users that are in one's own groups, after a user was removed from a group, previously shared items were not unshared. It is recommended that the Nextcloud Server is upgraded to 22.2.11 or 23.0.11 or 24.0.6 and Nextcloud Enterprise Server is upgraded to 22.2.11 or 23.0.11 or 24.0.6. | Nextcloud_server | 4.3 | ||
2024-11-15 | CVE-2024-52517 | Nextcloud Server is a self hosted personal cloud system. After storing "Global credentials" on the server, the API returns them and adds them into the frontend again, allowing them to be read in plain text when an attacker already has access to an active session of a user. It is recommended that the Nextcloud Server is upgraded to 28.0.11, 29.0.8 or 30.0.1 and Nextcloud Enterprise Server is upgraded to 25.0.13.13, 26.0.13.9, 27.1.11.9, 28.0.11, 29.0.8 or 30.0.1. | Nextcloud_server | 5.9 | ||
2020-02-04 | CVE-2020-8117 | Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event. | Nextcloud_server | 4.3 | ||
2020-02-04 | CVE-2020-8118 | An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed detection of local and remote services when adding a new subscription in the calendar application. | Nextcloud_server, Suse_linux_enterprise_server, Backports_sle | 5.0 | ||
2020-02-04 | CVE-2020-8119 | Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app. | Nextcloud_server | 4.3 | ||
2020-02-04 | CVE-2020-8120 | A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the SVG generation. | Nextcloud_server | 6.1 | ||
2020-02-04 | CVE-2020-8121 | A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer. | Nextcloud_server | 8.1 | ||
2020-02-04 | CVE-2020-8122 | A missing check in Nextcloud Server 14.0.3 could give the recipient the possibility to extend the expiration date of a share they received. | Nextcloud_server | 4.3 | ||