Nextcloud: Security Vulnerabilities
An insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remotely wipe devices of other users by sending a malicious request directly to the endpoint.
CVSS Score
7.7
EPSS Score
0.01
Published
2020-05-12
An outdated third-party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a cross-site scripting vulnerability when opening a malicious PDF.
CVSS Score
5.4
EPSS Score
0.006
Published
2020-05-12
A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man-in-the-middle attack.
CVSS Score
7.0
EPSS Score
0.003
Published
2020-05-12
Improper access control in Groupfolders app 4.0.3 allowed deletion of hidden directories when renaming an accessible item to the same name.
CVSS Score
8.1
EPSS Score
0.006
Published
2020-05-12
A missing check for IPv4 nested inside IPv6 in Nextcloud Server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-03-20
A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL.
CVSS Score
6.5
EPSS Score
0.003
Published
2020-03-20
A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed arbitrary code to be loaded when starting the client with DYLD_INSERT_LIBRARIES set in the environment.
CVSS Score
6.7
EPSS Score
0.004
Published
2020-03-20
A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the SVG generation.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-02-04
A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer.
CVSS Score
8.1
EPSS Score
0.004
Published
2020-02-04
A missing check in Nextcloud Server 14.0.3 could give the recipient the ability to extend the expiration date of a share they received.
CVSS Score
4.3
EPSS Score
0.003
Published
2020-02-04

