VYPR

rpm package

opensuse/nextcloud&distro=openSUSE Leap 15.2

pkg:rpm/opensuse/nextcloud&distro=openSUSE%20Leap%2015.2

Vulnerabilities (25)

  • CVE-2020-8183Oct 30, 2020
    affected < 20.0.0-bp152.2.3.1fixed 20.0.0-bp152.2.3.1

    A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call.

  • CVE-2020-8228Oct 5, 2020
    affected < 20.0.0-bp152.2.3.1fixed 20.0.0-bp152.2.3.1

    A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times.

  • CVE-2020-8233Aug 17, 2020
    affected < 20.0.0-bp152.2.3.1fixed 20.0.0-bp152.2.3.1

    A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges.

  • CVE-2020-8155May 12, 2020
    affected < 20.0.0-bp152.2.3.1fixed 20.0.0-bp152.2.3.1

    An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF.

  • CVE-2020-8154May 12, 2020
    affected < 20.0.0-bp152.2.3.1fixed 20.0.0-bp152.2.3.1

    An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint.

Page 2 of 2