rpm package
suse/nextcloud&distro=SUSE Package Hub 15 SP2
pkg:rpm/suse/nextcloud&distro=SUSE%20Package%20Hub%2015%20SP2
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-8183 | — | | | < 20.0.0-bp152.2.3.1 | 20.0.0-bp152.2.3.1 | Oct 30, 2020 | A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call. |
| CVE-2020-8228 | — | | | < 20.0.0-bp152.2.3.1 | 20.0.0-bp152.2.3.1 | Oct 5, 2020 | A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times. |
| CVE-2020-8233 | — | | | < 20.0.0-bp152.2.3.1 | 20.0.0-bp152.2.3.1 | Aug 17, 2020 | A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges. |
| CVE-2020-8155 | — | | | < 20.0.0-bp152.2.3.1 | 20.0.0-bp152.2.3.1 | May 12, 2020 | An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF. |
| CVE-2020-8154 | — | | | < 20.0.0-bp152.2.3.1 | 20.0.0-bp152.2.3.1 | May 12, 2020 | An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint. |
Page 2 of 2