Nextcloud: Security Vulnerabilities
A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-02-04
A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer.
CVSS Score
8.1
EPSS Score
0.004
Published
2020-02-04
A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of a share they received.
CVSS Score
4.3
EPSS Score
0.003
Published
2020-02-04
Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event.
CVSS Score
4.3
EPSS Score
0.003
Published
2020-02-04
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application.
CVSS Score
5.0
EPSS Score
0.013
Published
2020-02-04
Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app.
CVSS Score
4.3
EPSS Score
0.005
Published
2020-02-04
A wrong check for the system time in the Android App 3.9.0 causes a bypass of the lock protection when changing the time of the system to the past.
CVSS Score
6.1
EPSS Score
0.001
Published
2020-02-04
Dangling remote share attempts in Nextcloud 16 allow a DNS pollution when running long.
CVSS Score
4.3
EPSS Score
0.003
Published
2020-02-04
A missing check in Nextcloud Server 17.0.0 allowed an attacker to set up a new second factor when trying to login.
CVSS Score
5.4
EPSS Score
0.001
Published
2020-02-04
Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a reflected XSS when starting the updater from a malicious location.
CVSS Score
4.8
EPSS Score
0.002
Published
2020-02-04