VYPR

Nextcloud Enterprise Server

by Nextcloud

CVEs (133)

  • CVE-2022-39329 | Low | Oct 27, 2022
    risk 0.00 | cvss 3.5 | epss 0.01

    Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 23.0.9 and 24.0.5 are vulnerable to exposure of information that cannot be controlled by administrators without…

  • CVE-2022-36074 | Med | Sep 15, 2022
    risk 0.00 | cvss 6.4 | epss 0.01

    Nextcloud Server is an open source personal cloud product. Affected versions of this package are vulnerable to information exposure because they fail to strip the Authorization header on HTTP downgrade. This can lead to account access exposure and compromise. It is recommended that…

  • CVE-2022-29163 | Low | May 20, 2022
    risk 0.00 | cvss 3.5 | epss 0.01

    Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.6 and 23.0.3, a user can create a link that is not password protected even if the administrator requires links to be password protected. Versions 22.2.6 and…

  • CVE-2022-24889 | Low | Apr 27, 2022
    risk 0.00 | cvss 2.4 | epss 0.01

    Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and 23.0.1, it is possible to trick administrators into enabling "recommended" apps for the Nextcloud server that they do not need, thus expanding…

  • CVE-2021-41233 | Med | Mar 10, 2022
    risk 0.00 | cvss 6.5 | epss 0.01

    Nextcloud Text is a collaborative document editor using Markdown, built for the Nextcloud server. Due to an issue with the Nextcloud Text application, which is by default shipped with Nextcloud Server, an attacker is able to access the folder names of "File Drop". For successful…

  • CVE-2021-41179 | Med | Oct 25, 2021
    risk 0.00 | cvss 6.5 | epss 0.01

    Nextcloud is an open-source, self-hosted productivity platform. Prior to Nextcloud Server versions 20.0.13, 21.0.5, and 22.2.0, the Two-Factor Authentication wasn't enforced for pages marked as public. Any page marked as `@PublicPage` could thus be accessed with a valid user…

  • CVE-2021-41177 | High | Oct 25, 2021
    risk 0.00 | cvss 8.1 | epss 0.01

    Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud Server did not implement a database backend for rate-limiting purposes. Any component of Nextcloud using rate-limits (such as `AnonRateThrottle` or…

  • CVE-2021-32801 | Med | Sep 7, 2021
    risk 0.00 | cvss 5.5 | epss 0.00

    Nextcloud Server is an open source, self-hosted personal cloud. In affected versions, logging of exceptions may have resulted in logging potentially sensitive key material for the Nextcloud Encryption-at-Rest functionality. It is recommended that the Nextcloud Server is upgraded…

  • CVE-2021-32734 | Low | Jul 12, 2021
    risk 0.00 | cvss 3.1 | epss 0.01

    Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, the Nextcloud Text application shipped with Nextcloud Server returned verbatim exception messages to the user. This could result in a full path disclosure on…

  • CVE-2021-32726 | High | Jul 12, 2021
    risk 0.00 | cvss 7.1 | epss 0.02

    Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, WebAuthn tokens were not deleted after a user had been deleted. If a victim reused an earlier used username, the previous user could gain access to their account.…

  • CVE-2021-32725 | Low | Jul 12, 2021
    risk 0.00 | cvss 3.5 | epss 0.01

    Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, default share permissions were not being respected for federated reshares of files and folders. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3.…

  • CVE-2021-32680 | Low | Jul 12, 2021
    risk 0.00 | cvss 3.3 | epss 0.00

    Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, Nextcloud Server audit logging functionality wasn't properly logging events for the unsetting of a share expiration date. This event is supposed to be logged.…

  • CVE-2021-22878 | Med | Mar 3, 2021
    risk 0.00 | cvss 4.8 | epss 0.01

    Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in `OC.Notification.show`.
