Nextcloud

Nextcloud

155 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.37%
  • Veröffentlicht 12.07.2021 13:15:08
  • Zuletzt bearbeitet 21.11.2024 06:07:30

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, filenames where not escaped by default in controllers using `DownloadResponse`. When a user-supplied filename was passed unsanitized...

  • EPSS 1.37%
  • Veröffentlicht 12.07.2021 13:15:07
  • Zuletzt bearbeitet 21.11.2024 06:07:30

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, ratelimits are not applied to OCS API responses. This affects any OCS API controller (`OCSController`) using the `@BruteForceProtect...

Exploit
  • EPSS 0.97%
  • Veröffentlicht 17.06.2021 22:15:07
  • Zuletzt bearbeitet 21.11.2024 06:07:32

Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.15.1, a malicious application on the same device is possible to crash the Nextcloud Android Client due to an uncaught exception. The vulnerability is patched in version...

Exploit
  • EPSS 0.88%
  • Veröffentlicht 17.06.2021 21:15:07
  • Zuletzt bearbeitet 21.11.2024 06:07:32

Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.16.1, a malicious app on the same device could have gotten access to the shared preferences of the Nextcloud Android application. This required user-interaction as a vi...

Exploit
  • EPSS 1.37%
  • Veröffentlicht 11.06.2021 16:15:11
  • Zuletzt bearbeitet 21.11.2024 05:50:53

Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search ha...

Exploit
  • EPSS 1.37%
  • Veröffentlicht 11.06.2021 16:15:11
  • Zuletzt bearbeitet 21.11.2024 05:50:54

Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a global search has been explicitly chosen by the user...

  • EPSS 1.74%
  • Veröffentlicht 11.06.2021 16:15:11
  • Zuletzt bearbeitet 21.11.2024 05:50:54

Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in rate-limiting considerations. This could potentially result in an attacker bypassing rate-limit controls such as the Nex...

  • EPSS 0.99%
  • Veröffentlicht 11.06.2021 16:15:10
  • Zuletzt bearbeitet 21.11.2024 05:50:51

Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated users to create mail aliases for other users.

Exploit
  • EPSS 0.3%
  • Veröffentlicht 08.06.2021 19:15:08
  • Zuletzt bearbeitet 21.11.2024 06:07:28

Nextcloud Android is the Android client for the Nextcloud open source home cloud system. Due to a timeout issue the Android client may not properly clean all sensitive data on account removal. This could include sensitive key material such as the End...

  • EPSS 1.84%
  • Veröffentlicht 01.06.2021 22:15:08
  • Zuletzt bearbeitet 21.11.2024 06:07:28

Nextcloud Server is a Nextcloud package that handles data storage. A vulnerability in federated share exists in versions prior to 19.0.11, 20.0.10, and 21.0.2. An attacker can gain access to basic information about users of a server by accessing a pu...