Filtered by vendor Nextcloud
Subscriptions
Total
317 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8281 | 1 Nextcloud | 1 Contacts | 2024-11-21 | 5.4 Medium |
| A missing file type check in Nextcloud Contacts 3.3.0 allows a malicious user to upload malicious SVG files to perform cross-site scripting (XSS) attacks. | ||||
| CVE-2020-8280 | 1 Nextcloud | 1 Contacts | 2024-11-21 | 5.4 Medium |
| A missing file type check in Nextcloud Contacts 3.4.0 allows a malicious user to upload SVG files as PNG files to perform cross-site scripting (XSS) attacks. | ||||
| CVE-2020-8279 | 1 Nextcloud | 1 Social | 2024-11-21 | 7.4 High |
| Missing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0 allowed a man-in-the-middle attack. | ||||
| CVE-2020-8278 | 1 Nextcloud | 1 Social | 2024-11-21 | 5.3 Medium |
| Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user. | ||||
| CVE-2020-8259 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 8.1 High |
| Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys. | ||||
| CVE-2020-8236 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 6.8 Medium |
| A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it. | ||||
| CVE-2020-8235 | 1 Nextcloud | 1 Deck | 2024-11-21 | 4.3 Medium |
| Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments. | ||||
| CVE-2020-8230 | 1 Nextcloud | 1 Desktop | 2024-11-21 | 5.5 Medium |
| A memory corruption vulnerability exists in NextCloud Desktop Client v2.6.4 where missing ASLR and DEP protections in for windows allowed to corrupt memory. | ||||
| CVE-2020-8229 | 1 Nextcloud | 1 Desktop | 2024-11-21 | 5.5 Medium |
| A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system. | ||||
| CVE-2020-8228 | 2 Nextcloud, Opensuse | 3 Preferred Providers, Backports Sle, Leap | 2024-11-21 | 5.3 Medium |
| A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times. | ||||
| CVE-2020-8227 | 2 Linux, Nextcloud | 2 Linux Kernel, Desktop | 2024-11-21 | 6.8 Medium |
| Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory. | ||||
| CVE-2020-8225 | 1 Nextcloud | 1 Desktop | 2024-11-21 | 7.5 High |
| A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials. | ||||
| CVE-2020-8224 | 1 Nextcloud | 1 Desktop | 2024-11-21 | 7.8 High |
| A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory. | ||||
| CVE-2020-8223 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Server | 2024-11-21 | 6.5 Medium |
| A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves. | ||||
| CVE-2020-8202 | 1 Nextcloud | 1 Preferred Providers | 2024-11-21 | 5.3 Medium |
| Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 allowed to perform a denial of service attack when using a very long password. | ||||
| CVE-2020-8189 | 1 Nextcloud | 1 Desktop | 2024-11-21 | 5.4 Medium |
| A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt. | ||||
| CVE-2020-8183 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 7.5 High |
| A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call. | ||||
| CVE-2020-8182 | 1 Nextcloud | 1 Deck | 2024-11-21 | 8.0 High |
| Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves. | ||||
| CVE-2020-8181 | 1 Nextcloud | 1 Contacts | 2024-11-21 | 4.3 Medium |
| A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars. | ||||
| CVE-2020-8180 | 1 Nextcloud | 1 Talk | 2024-11-21 | 9.9 Critical |
| A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a code injection when a not correctly sanitized talk command was added by an administrator. | ||||