Nextcloud Nextcloud Server
15 CVEs affecting Nextcloud Nextcloud Server. Latest disclosed: 2018-07-05. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-0886 | Medium | 6.5 | 2017-04-05 | Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack. Due to an error in the application logic an authenticated adversary may trig… |
CVE-2017-0883 | Medium | 6.4 | 2017-04-05 | Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing… |
CVE-2017-0893 | Medium | 5.4 | 2017-05-08 | Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which suffered from a XSS… |
CVE-2017-0891 | Medium | 5.4 | 2017-05-08 | Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple comp… |
CVE-2017-0890 | Medium | 5.4 | 2017-05-08 | Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to wri… |
CVE-2017-0894 | Medium | 4.3 | 2017-05-08 | Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. Thus granting an attacker potenti… |
CVE-2017-0888 | Medium | 4.3 | 2017-04-05 | Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. The top navigation bar displayed in the files list… |
CVE-2017-0887 | Medium | 4.3 | 2017-04-05 | Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. Due to not properly sanitizing values provided by the `OC-Total-Length… |
CVE-2017-0885 | Medium | 4.3 | 2017-04-05 | Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share. Due to an error in the application log… |
CVE-2017-0884 | Medium | 4.3 | 2017-04-05 | Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in… |
CVE-2017-0895 | Low | 3.5 | 2017-05-08 | Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content… |
CVE-2017-0892 | Low | 3.5 | 2017-05-08 | Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to… |
CVE-2018-3762 | | 2018-07-05 | Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks of dropped permissions for incoming shares allowing a user to still request previews for… | |
CVE-2018-3761 | | 2018-07-05 | Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint. Missing checks potentially allowed handing out new… | |
CVE-2017-0936 | | 2018-03-28 | Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed log… |