Nextcloud

Nextcloud

155 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.82%
  • Veröffentlicht 01.06.2021 22:15:08
  • Zuletzt bearbeitet 21.11.2024 06:07:28

Nextcloud Server is a Nextcloud package that handles data storage. In versions of Nextcloud Server prior to 10.0.11, 20.0.10, and 21.0.2, a malicious user may be able to break the user administration page. This would disallow administrators to admini...

  • EPSS 1.85%
  • Veröffentlicht 01.06.2021 21:15:07
  • Zuletzt bearbeitet 21.11.2024 06:07:28

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to receive write/read privileges on any Federated File Share. Since public links can be added as federated file ...

  • EPSS 1.03%
  • Veröffentlicht 01.06.2021 21:15:07
  • Zuletzt bearbeitet 21.11.2024 06:07:28

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to convert a Files Drop link to a federated share. This causes an issue on the UI side of the sharing user. When...

  • EPSS 1.21%
  • Veröffentlicht 01.06.2021 20:15:08
  • Zuletzt bearbeitet 21.11.2024 06:07:27

Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server versions prior to 19.0.11, 20.0.10, or 21.0.2 send user IDs to the lookup server even if the user has no fields set to published. The vulnerability is patched in vers...

  • EPSS 0.37%
  • Veröffentlicht 04.02.2020 20:15:12
  • Zuletzt bearbeitet 21.11.2024 04:29:08

A wrong check for the system time in the Android App 3.9.0 causes a bypass of the lock protection when changing the time of the system to the past.

Exploit
  • EPSS 0.51%
  • Veröffentlicht 04.02.2020 20:15:12
  • Zuletzt bearbeitet 21.11.2024 04:29:08

Not strictly enough sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected tables when using custom queries.

  • EPSS 1.08%
  • Veröffentlicht 04.02.2020 20:15:11
  • Zuletzt bearbeitet 21.11.2024 04:29:07

Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications.

  • EPSS 0.78%
  • Veröffentlicht 04.02.2020 20:15:11
  • Zuletzt bearbeitet 21.11.2024 04:29:08

Missing sanitization in the iOS App 2.24.4 causes an XSS when opening malicious HTML files.

Exploit
  • EPSS 0.5%
  • Veröffentlicht 30.07.2019 21:15:11
  • Zuletzt bearbeitet 21.11.2024 04:44:57

Improper sanitization of HTML in directory names in the Nextcloud Android app prior to version 3.7.0 allowed to style the directory name in the header bar when using basic HTML.

Exploit
  • EPSS 0.43%
  • Veröffentlicht 30.07.2019 21:15:11
  • Zuletzt bearbeitet 21.11.2024 04:44:57

Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved.