Количество 409
Количество 409
openSUSE-SU-2018:4002-1
Security update for nextcloud
openSUSE-SU-2018:3999-1
Security update for nextcloud
openSUSE-SU-2018:2521-2
Security update for nextcloud
openSUSE-SU-2018:2521-1
Security update for nextcloud
openSUSE-SU-2018:2510-1
Security update for nextcloud
openSUSE-SU-2018:1040-1
Security update for nextcloud
GHSA-xqxr-66xr-xfq3
An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF.
GHSA-wp2j-2549-fwhp
A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves.
GHSA-wjx4-rv24-8pr4
A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares.
GHSA-wh9j-q6hg-x337
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on.
GHSA-wgxr-73ph-q4xr
Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event.
GHSA-w44g-m97f-qr3p
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that this only affects folders and files that the adversary has at least read-only permissions for.
GHSA-vgrh-7g93-824h
Bypass lock protection in the Nextcloud Android app prior to version 3.6.1 allows accessing the files when repeatedly opening and closing the app in a very short time.
GHSA-v9r7-gccq-cp4v
A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended.
GHSA-v76x-gvw2-m5rp
Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the the provider of the second factor failed to load.
GHSA-v6cm-gq9r-7cpp
Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file.
GHSA-v65r-wc6r-r9x8
A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users external storage configuration when not already configured yet.
GHSA-rw2m-m5fq-rcj4
Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app.
GHSA-rc6x-59rr-4g8r
A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes.
GHSA-r69w-pvjm-xg3v
Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on removing shares. The Sharing Backend as implemented in Nextcloud does differentiate between shares to users and groups. In case of a received group share, users should be able to unshare the file to themselves but not to the whole group. The previous API implementation simply unshared the file to all users in the group.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | openSUSE-SU-2018:4002-1 Security update for nextcloud | 0% Низкий | больше 6 лет назад | |
| openSUSE-SU-2018:3999-1 Security update for nextcloud | 0% Низкий | больше 6 лет назад | |
| openSUSE-SU-2018:2521-2 Security update for nextcloud | 0% Низкий | почти 7 лет назад | |
| openSUSE-SU-2018:2521-1 Security update for nextcloud | 0% Низкий | почти 7 лет назад | |
| openSUSE-SU-2018:2510-1 Security update for nextcloud | 0% Низкий | почти 7 лет назад | |
| openSUSE-SU-2018:1040-1 Security update for nextcloud | 0% Низкий | около 7 лет назад | |
| GHSA-xqxr-66xr-xfq3 An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF. | 1% Низкий | около 3 лет назад | |
| GHSA-wp2j-2549-fwhp A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves. | 0% Низкий | около 3 лет назад | |
| GHSA-wjx4-rv24-8pr4 A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares. | CVSS3: 5.3 | 0% Низкий | около 3 лет назад |
| GHSA-wh9j-q6hg-x337 Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on. | CVSS3: 4.4 | 0% Низкий | около 3 лет назад |
| GHSA-wgxr-73ph-q4xr Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event. | 0% Низкий | около 3 лет назад | |
| GHSA-w44g-m97f-qr3p Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated adversary is able to create empty folders inside a shared folder. Note that this only affects folders and files that the adversary has at least read-only permissions for. | CVSS3: 4.3 | 0% Низкий | около 3 лет назад |
| GHSA-vgrh-7g93-824h Bypass lock protection in the Nextcloud Android app prior to version 3.6.1 allows accessing the files when repeatedly opening and closing the app in a very short time. | 0% Низкий | около 3 лет назад | |
| GHSA-v9r7-gccq-cp4v A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended. | CVSS3: 2.2 | 0% Низкий | около 3 лет назад |
| GHSA-v76x-gvw2-m5rp Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the the provider of the second factor failed to load. | CVSS3: 5.3 | 0% Низкий | около 3 лет назад |
| GHSA-v6cm-gq9r-7cpp Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file. | CVSS3: 3.5 | 1% Низкий | около 3 лет назад |
| GHSA-v65r-wc6r-r9x8 A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users external storage configuration when not already configured yet. | CVSS3: 6.5 | 0% Низкий | около 3 лет назад |
| GHSA-rw2m-m5fq-rcj4 Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app. | 1% Низкий | около 3 лет назад | |
| GHSA-rc6x-59rr-4g8r A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes. | CVSS3: 8 | 0% Низкий | около 3 лет назад |
| GHSA-r69w-pvjm-xg3v Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on removing shares. The Sharing Backend as implemented in Nextcloud does differentiate between shares to users and groups. In case of a received group share, users should be able to unshare the file to themselves but not to the whole group. The previous API implementation simply unshared the file to all users in the group. | CVSS3: 4.3 | 0% Низкий | около 3 лет назад |
Уязвимостей на страницу