Nextcloud Server — набор клиент-серверных программ для создания и использования хранилища данных.

Релизный цикл, информация об уязвимостях

Продукт: Nextcloud Server

Вендор: nextcloud

График релизов

Недавние уязвимости Nextcloud Server

Количество 409

CVE-2016-9468

больше 8 лет назад

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information.

CVSS3: 5.3

EPSS: Низкий

CVE-2016-9468

больше 8 лет назад

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0 ...

CVSS3: 5.3

EPSS: Низкий

CVE-2016-9467

больше 8 лет назад

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.

CVSS3: 5.3

EPSS: Низкий

CVE-2016-9467

больше 8 лет назад

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0 ...

CVSS3: 5.3

EPSS: Низкий

CVE-2016-9466

больше 8 лет назад

Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The gallery app was not properly sanitizing exception messages from the Nextcloud/ownCloud server. Due to an endpoint where an attacker could influence the error message, this led to a reflected Cross-Site-Scripting vulnerability.

CVSS3: 6.1

EPSS: Низкий

CVE-2016-9466

больше 8 лет назад

Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1. ...

CVSS3: 6.1

EPSS: Низкий

CVE-2016-9465

больше 8 лет назад

Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification on the image content this is prone to a stored Cross-Site Scripting attack.

CVSS3: 5.4

EPSS: Низкий

CVE-2016-9465

больше 8 лет назад

Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1. ...

CVSS3: 5.4

EPSS: Низкий

CVE-2016-9464

больше 8 лет назад

Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on removing shares. The Sharing Backend as implemented in Nextcloud does differentiate between shares to users and groups. In case of a received group share, users should be able to unshare the file to themselves but not to the whole group. The previous API implementation simply unshared the file to all users in the group.

CVSS3: 4.3

EPSS: Низкий

CVE-2016-9464

больше 8 лет назад

Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper aut ...

CVSS3: 4.3

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2016-9468 Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information.	CVSS3: 5.3	0% Низкий	больше 8 лет назад
CVE-2016-9468 Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0 ...	CVSS3: 5.3	0% Низкий	больше 8 лет назад
CVE-2016-9467 Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.	CVSS3: 5.3	1% Низкий	больше 8 лет назад
CVE-2016-9467 Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0 ...	CVSS3: 5.3	1% Низкий	больше 8 лет назад
CVE-2016-9466 Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The gallery app was not properly sanitizing exception messages from the Nextcloud/ownCloud server. Due to an endpoint where an attacker could influence the error message, this led to a reflected Cross-Site-Scripting vulnerability.	CVSS3: 6.1	1% Низкий	больше 8 лет назад
CVE-2016-9466 Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1. ...	CVSS3: 6.1	1% Низкий	больше 8 лет назад
CVE-2016-9465 Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud allows the download of images stored within a vCard. Due to not performing any kind of verification on the image content this is prone to a stored Cross-Site Scripting attack.	CVSS3: 5.4	1% Низкий	больше 8 лет назад
CVE-2016-9465 Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1. ...	CVSS3: 5.4	1% Низкий	больше 8 лет назад
CVE-2016-9464 Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on removing shares. The Sharing Backend as implemented in Nextcloud does differentiate between shares to users and groups. In case of a received group share, users should be able to unshare the file to themselves but not to the whole group. The previous API implementation simply unshared the file to all users in the group.	CVSS3: 4.3	0% Низкий	больше 8 лет назад
CVE-2016-9464 Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper aut ...	CVSS3: 4.3	0% Низкий	больше 8 лет назад

Уязвимостей на страницу