Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Nextcloud Subscribe
Filtered by product Nextcloud

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-8224 1 Nextcloud 1 Nextcloud 2022-05-24 4.6 MEDIUM 7.8 HIGH
A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory.
CVE-2021-43863 1 Nextcloud 1 Nextcloud 2022-01-31 5.0 MEDIUM 7.5 HIGH
The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. The Nextcloud Android app uses content providers to manage its data. Prior to version 3.18.1, the providers `FileContentProvider` and `DiskLruImageCacheFileProvider` have security issues (an SQL injection, and an insufficient permission control, respectively) that allow malicious apps in the same device to access Nextcloud's data bypassing the permission control system. Users should upgrade to version 3.18.1 to receive a patch. There are no known workarounds aside from upgrading.
CVE-2021-32800 1 Nextcloud 1 Nextcloud 2021-09-14 6.4 MEDIUM 8.1 HIGH
Nextcloud server is an open source, self hosted personal cloud. In affected versions an attacker is able to bypass Two Factor Authentication in Nextcloud. Thus knowledge of a password, or access to a WebAuthN trusted device of a user was sufficient to gain access to an account. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. There are no workaround for this vulnerability.
CVE-2020-8259 1 Nextcloud 1 Nextcloud 2020-12-02 5.5 MEDIUM 8.1 HIGH
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys.
CVE-2020-8183 1 Nextcloud 1 Nextcloud 2020-11-12 5.0 MEDIUM 7.5 HIGH
A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call.
CVE-2020-8225 1 Nextcloud 1 Nextcloud 2020-09-29 5.0 MEDIUM 7.5 HIGH
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials.