VYPR

Vendor CVEs

Nextcloud

All CVEs

330 total · sorted by risk
  • CVE-2024-37884Jun 14, 2024
    risk 0.00cvss epss 0.00

    Nextcloud Server is a self hosted personal cloud system. A malicious user was able to send delete requests for old versions of files they only got shared with read permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.12 or 27.1.7 or 28.0.3 and that the…

  • CVE-2024-37883Jun 14, 2024
    risk 0.00cvss epss 0.00

    Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A user with access to a deck board was able to access comments and attachments of already deleted cards. It is recommended that the…

  • CVE-2024-37882Jun 14, 2024
    risk 0.00cvss epss 0.01

    Nextcloud Server is a self hosted personal cloud system. A recipient of a share with read&share permissions could reshare the item with more permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4 and that the Nextcloud Enterprise…

  • CVE-2024-37315Jun 14, 2024
    risk 0.00cvss epss 0.00

    Nextcloud Server is a self hosted personal cloud system. An attacker with read-only access to a file is able to restore older versions of a document when the files_versions app is enabled. It is recommended that the Nextcloud Server is upgraded to 26.0.12, 27.1.7 or 28.0.3 and…

  • CVE-2024-37314Jun 14, 2024
    risk 0.00cvss epss 0.00

    Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2.

  • CVE-2024-37313Jun 14, 2024
    risk 0.00cvss epss 0.00

    Nextcloud server is a self hosted personal cloud system. Under some circumstance it was possible to bypass the second factor of 2FA after successfully providing the user credentials. It is recommended that the Nextcloud Server is upgraded to 26.0.13, 27.1.8 or 28.0.4 and…

  • CVE-2024-37312Jun 14, 2024
    risk 0.00cvss epss 0.01

    user_oidc app is an OpenID Connect user backend for Nextcloud. Missing access control on the ID4me endpoint allows an attacker to register an account eventually getting access to data that is available to all registered users. It is recommended that the OpenID Connect user…

  • CVE-2024-30247Mar 29, 2024
    risk 0.00cvss epss 0.02

    NextcloudPi is a ready to use image for Virtual Machines, Raspberry Pi, Odroid HC1, Rock64 and other boards. A command injection vulnerability in NextCloudPi allows command execution as the root user via the NextCloudPi web-panel. Due to a security misconfiguration this can be…

  • CVE-2024-22404Jan 18, 2024
    risk 0.00cvss epss 0.01

    Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. In affected versions users can download "view-only" files by zipping the complete folder. It is recommended that the Files ZIP app is upgraded to 1.2.1, 1.4.1, or 1.5.0.…

  • CVE-2024-22403Jan 18, 2024
    risk 0.00cvss epss 0.00

    Nextcloud server is a self hosted personal cloud system. In affected versions OAuth codes did not expire. When an attacker would get access to an authorization code they could authenticate at any time using the code. As of version 28.0.0 OAuth codes are invalidated after 10…

  • CVE-2024-22400Jan 18, 2024
    risk 0.00cvss epss 0.00

    Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on a uncontrolled thirdparty server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or…

  • CVE-2024-22213Jan 18, 2024
    risk 0.00cvss epss 0.01

    Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious code that would execute in their browser via HTML sent as a comment. It is…

  • CVE-2023-49792Dec 22, 2023
    risk 0.00cvss epss 0.01

    Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when a (reverse) proxy is…

  • CVE-2023-49791Dec 22, 2023
    risk 0.00cvss epss 0.01

    Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server prior to versions 26.0.9 and 27.1.4; as well as Nextcloud Enterprise Server prior to versions 23.0.12.13, 24.0.12.9, 25.0.13.4, 26.0.9, and 27.1.4; when an attacker manages…

  • CVE-2023-49790Dec 22, 2023
    risk 0.00cvss epss 0.00

    The Nextcloud iOS Files app allows users of iOS to interact with Nextcloud, a self-hosted productivity platform. Prior to version 4.9.2, the application can be used without providing the 4 digit PIN code. Nextcloud iOS Files app should be upgraded to 4.9.2 to receive the patch.…

  • CVE-2023-42556Dec 5, 2023
    risk 0.00cvss epss 0.00

    Improper usage of implicit intent in Contacts prior to SMR Dec-2023 Release 1 allows attacker to get sensitive information.

  • CVE-2023-48307Nov 21, 2023
    risk 0.00cvss epss 0.01

    Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Starting in version 1.13.0 and prior to version 2.2.8 and 3.3.0, an attacker can use an unprotected endpoint in the Mail app to perform a SSRF attack. Nextcloud Mail app versions 2.2.8 and 3.3.0…

  • CVE-2023-48306Nov 21, 2023
    risk 0.00cvss epss 0.01

    Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and starting in version 22.0.0 and prior to versions 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11,…

  • CVE-2023-48305Nov 21, 2023
    risk 0.00cvss epss 0.00

    Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, when the log level was set to debug, the user_ldap app logged…

  • CVE-2023-48304Nov 21, 2023
    risk 0.00cvss epss 0.01

    Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and starting in version 22.0.0 and prior to versions 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11,…

  • CVE-2023-48303Nov 21, 2023
    risk 0.00cvss epss 0.01

    Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, admins can change authentication details of user configured…

  • CVE-2023-48302Nov 21, 2023
    risk 0.00cvss epss 0.01

    Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, when a user is tricked into copy pasting HTML code without…

  • CVE-2023-48301Nov 21, 2023
    risk 0.00cvss epss 0.01

    Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, an attacker could insert links into circles name that would be…

  • CVE-2023-48239Nov 21, 2023
    risk 0.00cvss epss 0.01

    Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and starting in version 20.0.0 and prior to versions 20.0.14.16, 21.0.9.13, 22.2.10.15,…

  • CVE-2023-45148Oct 16, 2023
    risk 0.00cvss epss 0.01

    Nextcloud is an open source home cloud server. When Memcached is used as `memcache.distributed` the rate limiting in Nextcloud Server could be reset unexpectedly resetting the rate count earlier than intended. Users are advised to upgrade to versions 25.0.11, 26.0.6 or 27.1.0.…

  • CVE-2023-45151Oct 16, 2023
    risk 0.00cvss epss 0.00

    Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially elevate their privilege. This issue has been addressed and users are recommended…

  • CVE-2023-45660Oct 16, 2023
    risk 0.00cvss epss 0.01

    Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial of service a third server. It is recommended that the Nextcloud Mail is upgraded…

  • CVE-2023-39960Oct 13, 2023
    risk 0.00cvss epss 0.01

    Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server starting with 25.0.0 and prior to 25.09 and 26.04; as well as Nextcloud Enterprise Server starting with 22.0.0 and prior to 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and…

  • CVE-2023-39963Aug 10, 2023
    risk 0.00cvss epss 0.00

    Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 20.0.0 and prior to versions 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, a missing password confirmation allowed an attacker, after…

  • CVE-2023-39962Aug 10, 2023
    risk 0.00cvss epss 0.01

    Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 19.0.0 and prior to versions 19.0.13.10, 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, a malicious user could delete any personal or…

  • CVE-2023-39961Aug 10, 2023
    risk 0.00cvss epss 0.00

    Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 24.0.4 and prior to versions 25.0.9, 26.0.4, and 27.0.1, when a folder with images or an image was shared without download permissions, the user could add the image inline…

  • CVE-2023-39959Aug 10, 2023
    risk 0.00cvss epss 0.00

    Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.9, 26.0.4, and 27.0.1, unauthenticated users could send a DAV request which reveals whether a calendar or an address book with the given…

  • CVE-2023-39958Aug 10, 2023
    risk 0.00cvss epss 0.01

    Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions 22.2.10.13, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, missing protection allows an attacker to brute force the client secrets of…

  • CVE-2023-39957Aug 10, 2023
    risk 0.00cvss epss 0.00

    Nextcloud Talk Android allows users to place video and audio calls through Nextcloud on Android. Prior to version 17.0.0, an unprotected intend allowed malicious third party apps to trick the Talk Android app into writing files outside of its intended cache directory. Nextcloud…

  • CVE-2023-39954Aug 10, 2023
    risk 0.00cvss epss 0.00

    user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, an attacker that obtained at least read access to a snapshot of the database can impersonate the Nextcloud server towards linked…

  • CVE-2023-39953Aug 10, 2023
    risk 0.00cvss epss 0.00

    user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, missing verification of the issuer would have allowed an attacker to perform a man-in-the-middle attack returning corrupted or…

  • CVE-2023-39952Aug 10, 2023
    risk 0.00cvss epss 0.01

    Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions 22.2.10.13, 23.0.12.8, 24.0.12.4, 25.0.8, 26.0.3, and 27.0.1, a user can access files inside a subfolder of a groupfolder accessible to them,…

  • CVE-2023-35928Jun 23, 2023
    risk 0.00cvss epss 0.01

    Nextcloud Server is a space for data storage on Nextcloud, a self-hosted productivity playform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 19.0.0 until 19.0.13.9, 20.0.0 until 20.0.14.14, 21.0.0 until…

  • CVE-2023-35927Jun 23, 2023
    risk 0.00cvss epss 0.01

    NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until…

  • CVE-2023-35173Jun 23, 2023
    risk 0.00cvss epss 0.00

    Nextcloud End-to-end encryption app provides all the necessary APIs to implement End-to-End encryption on the client side. By providing an invalid meta data file, an attacker can make previously dropped files inaccessible. It is recommended that the Nextcloud End-to-end…

  • CVE-2023-35172Jun 23, 2023
    risk 0.00cvss epss 0.01

    NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until…

  • CVE-2023-35171Jun 23, 2023
    risk 0.00cvss epss 0.01

    NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. Starting in version 26.0.0 and prior to version 26.0.2, an attacker could supply a URL that redirects an unsuspecting victim from a legitimate domain to an…

  • CVE-2023-32320Jun 22, 2023
    risk 0.00cvss epss 0.01

    Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When multiple requests are sent in parallel, all of them were executed even if the amount of faulty requests succeeded the limit by the time the response was sent to the client. This…

  • CVE-2023-33182May 30, 2023
    risk 0.00cvss epss 0.01

    Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. The unsanitized SVG is converted to a JavaScript blob (in memory data) that the Avatar can't render. Due to this constellation the missing sanitization does not seem to…

  • CVE-2023-33184May 27, 2023
    risk 0.00cvss epss 0.01

    Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3.

  • CVE-2023-32319May 26, 2023
    risk 0.00cvss epss 0.01

    Nextcloud server is an open source personal cloud implementation. Missing brute-force protection on the WebDAV endpoints via the basic auth header allowed to brute-force user credentials when the provided user name was not an email address. Users from version 24.0.0 onward are…

  • CVE-2023-31128May 26, 2023
    risk 0.00cvss epss 0.03

    NextCloud Cookbook is a recipe library app. Prior to commit a46d9855 on the `master` branch and commit 489bb744 on the `main-0.9.x` branch, the `pull-checks.yml` workflow is vulnerable to command injection attacks because of using an untrusted `github.head_ref` field. The…

  • CVE-2023-32318May 26, 2023
    risk 0.00cvss epss 0.00

    Nextcloud server provides a home for data. A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout if cookies were not cleared manually. After successfully authenticating with any other…

  • CVE-2023-32074May 25, 2023
    risk 0.00cvss epss 0.01

    user_oidc app is an OpenID Connect user backend for Nextcloud. Authentication can be broken/bypassed in user_oidc app. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.2

  • CVE-2023-28847Apr 25, 2023
    risk 0.00cvss epss 0.01

    Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server 24.0.0 prior to 24.0.11 and 25.0.0 prior to 25.0.5; as well as Nextcloud Server Enterprise 23.0.0 prior to 23.0.12.6, 24.0.0 prior to 24.0.11, and 25.0.0 prior to…

Page 3 of 7