Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Nextcloud_server
(Nextcloud)| Repositories |
• https://github.com/nextcloud/server
• https://github.com/nextcloud/gallery • https://github.com/nextcloud/apps |
| #Vulnerabilities | 165 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-08-12 | CVE-2018-3776 | Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log. | Nextcloud_server | 5.3 | ||
| 2018-08-12 | CVE-2018-3775 | Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication. | Nextcloud_server | 8.8 | ||
| 2017-04-05 | CVE-2017-0888 | Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information. | Nextcloud, Nextcloud_server | 4.3 | ||
| 2017-04-05 | CVE-2017-0884 | Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that this only affects folders and files that the adversary has at least read-only permissions for. | Nextcloud_server | 4.3 | ||
| 2017-04-05 | CVE-2017-0885 | Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share. Due to an error in the application logic an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing the exception messages. | Nextcloud_server | 4.3 | ||
| 2017-04-05 | CVE-2017-0886 | Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack. Due to an error in the application logic an authenticated adversary may trigger an endless recursion in the application leading to a potential Denial of Service. | Nextcloud_server | 6.5 | ||
| 2017-04-05 | CVE-2017-0887 | Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length` HTTP header an authenticated adversary may be able to exceed their configured user quota. Thus using more space than allowed by the administrator. | Nextcloud_server | 4.3 | ||
| 2017-05-08 | CVE-2017-0890 | Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue. | Nextcloud_server | 5.4 | ||
| 2017-05-08 | CVE-2017-0892 | Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file. | Nextcloud_server | 3.5 | ||
| 2017-05-08 | CVE-2017-0894 | Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token. | Nextcloud_server | 4.3 |