Vulnerabilities in nextcloud

288 results
CVE-2022-24838 | MEDIUM | Command Injection in Appointment Emails for Nextcloud Calendar | EPSS 31.6%
CVE-2023-26482 | CRITICAL | Scope of workflow operations is not validated in nextcloud server | EPSS 4.2%
CVE-2023-31128 | HIGH | NextCloud Cookbook's pull-checks.yml workflow is vulnerable to OS Command Injection | EPSS 3.3%
CVE-2021-32802 | CRITICAL | Preview generation used third-party library not suited for user-generated content in Nextcloud server | EPSS 2.5%
CVE-2022-31014 | MEDIUM | SMTP Command Injection in iCalendar Attachments to emails via newlines in Nextcloud Server | EPSS 2.4%
CVE-2021-32688 | HIGH | Application specific tokens can change their own scope | EPSS 2.3%
CVE-2024-30247 | CRITICAL | Command Injection as root in NextCloudPi web panel | EPSS 2.1%
CVE-2021-37628 | HIGH | File Drop can be bypassed using Richdocuments app in nextcloud | EPSS 2.0%
CVE-2021-43863 | HIGH | SQL Injection in FileContentProvider (GHSL-2021-1007) | EPSS 1.9%
CVE-2021-32654 | HIGH | Attacker can obtain write access to any federated share/public link | EPSS 1.8%
CVE-2021-32656 | HIGH | Trusted servers exchange can be triggered by attacker | EPSS 1.8%
CVE-2021-32657 | MEDIUM | Malicious user could break user administration page | EPSS 1.8%
CVE-2021-32726 | HIGH | Webauthn tokens not removed after user has been deleted | EPSS 1.8%
CVE-2021-32800 | HIGH | Bypass of Two Factor Authentication in Nextcloud server | EPSS 1.7%
CVE-2021-41178 | HIGH | File Traversal affecting SVG files on Nextcloud Server | EPSS 1.7%
CVE-2021-32705 | MEDIUM | Lack of ratelimit on public DAV endpoint | EPSS 1.7%
CVE-2018-3761 | Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint. Missing checks potentially allow | EPSS 1.7%
CVE-2022-24741 | LOW | High memory usage in Nextcloud server | EPSS 1.6%
CVE-2017-0888 | Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. The top navigation bar displayed | EPSS 1.5%
CVE-2021-32703 | MEDIUM | Lack of ratelimit on shareinfo endpoint | EPSS 1.5%