Vulnerabilidades em Nextcloud
288 resultadosCVE-2022-41971MEDIUMNextcloud Talk guests can continue to receive video streams from call after being removed from a conversationEPSS 0.8%CVE-2024-22212CRITICALNextcloud global site selector authentication bypassEPSS 0.8%CVE-2023-28645MEDIUMSecure view can be bypassed by using internal API endpoint in Nextcloud richdocumentsEPSS 0.7%CVE-2017-0890—Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitablEPSS 0.7%CVE-2023-25150MEDIUMDocument content of files can be obtained through Collabora for files of other usersEPSS 0.7%CVE-2021-32727MEDIUMEnd-to-end encryption device setup did not verify public keyEPSS 0.7%CVE-2023-25161LOWNextcloud Server's missing rate limiting on password reset functionality allows sending lots of emailsEPSS 0.7%CVE-2024-52510MEDIUMNextcloud Desktop client behaves incorrectly if the initial end-to-end-encryption signature is emptyEPSS 0.7%CVE-2017-0895—Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note thatEPSS 0.7%CVE-2022-39211LOWServer-Side Request Forgery (SSRF) via potential filter bypass in Nextcloud ServerEPSS 0.7%CVE-2021-29438MEDIUMImproper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in @nextcloud/dialogsEPSS 0.7%CVE-2023-45148MEDIUMRate limiter not working reliable when Memcached is installed in NextcloudEPSS 0.7%CVE-2024-52508HIGHNextcloud Mail auto configurator can be tricked into sending account information to wrong serversEPSS 0.7%CVE-2023-32319HIGHBasic auth header on WebDAV requests is not brute-force protected in NextcloudEPSS 0.7%CVE-2023-22469MEDIUMNextcloud Deck card vulnerable to data leak to unauthorized users via reference preview cacheEPSS 0.7%CVE-2023-28998MEDIUMNextcloud Desktop client misbehaves with E2EE when the server returns empty list of metadata keysEPSS 0.7%CVE-2023-28999MEDIUMNextcloud: Lack of authenticity of metadata keys allows a malicious server to gain access to E2EE foldersEPSS 0.7%CVE-2022-31120LOWFederated share accepting/declining is not logged in audit log in Nextcloud ServerEPSS 0.7%CVE-2023-48303LOWNextcloud Server admins can change authentication details of user configured external storageEPSS 0.7%CVE-2017-0884—Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to EPSS 0.7%