nextcloud

359 tracked vulnerabilities.

CVE-2019-15622 LOW
Nextcloud Android App < 3.6.1 - SQL Injection via Custom Queries
Feb 04, 2020
CVSS 2.4
EPSS 0.00
CVE-2019-15621 MEDIUM
Nextcloud Server 16.0.1 - Info Disclosure
Feb 04, 2020
CVSS 6.5
EPSS 0.00
CVE-2019-15620 LOW
Nextcloud Talk < 6.0.4 - Unauthenticated Private Conversation Name Leak via Projects Feature
Feb 04, 2020
CVSS 2.7
EPSS 0.00
CVE-2019-15619 MEDIUM
Nextcloud Deck <0.6.6, Server <16.0.4, Talk <6.0.4 - Stored XSS via Links
Feb 04, 2020
CVSS 4.8
EPSS 0.00
CVE-2019-15618 MEDIUM
Nextcloud Server < 14.0.9 - Reflected Cross-Site Scripting in Updater
Feb 04, 2020
CVSS 4.8
EPSS 0.00
CVE-2019-15617 MEDIUM
Nextcloud Server < 17.0.1 - Improper Authentication via Second Factor Setup
Feb 04, 2020
CVSS 5.4
EPSS 0.00
CVE-2019-15616 MEDIUM
Nextcloud Server < 17.0.0 - CRLF Injection via Dangling Remote Share Attempts
Feb 04, 2020
CVSS 4.3
EPSS 0.00
CVE-2019-15615 MEDIUM
Nextcloud Android App < 3.9.0 - Lock Protection Bypass via System Time Manipulation
Feb 04, 2020
CVSS 6.1
EPSS 0.00
CVE-2019-15614 MEDIUM
Nextcloud iOS App < 2.25.0 - Cross-Site Scripting via Malicious HTML File
Feb 04, 2020
CVSS 5.4
EPSS 0.00
CVE-2019-15613 HIGH
Nextcloud Server 17.0.1 - Insufficient Verification of Data Authenticity in Workflow Rules
Feb 04, 2020
CVSS 8.0
EPSS 0.00
CVE-2019-15612 MEDIUM
Nextcloud Server <15.0.2 - Info Disclosure
Feb 04, 2020
CVSS 5.9
EPSS 0.00
CVE-2019-15611 MEDIUM
Nextcloud iOS App < 2.24.0 - Credential Leak via Federated Search and Push Notification Registration
Feb 04, 2020
CVSS 4.9
EPSS 0.01
CVE-2019-15610 MEDIUM
Circles < 0.16.11 - Improper Authorization
Feb 04, 2020
CVSS 4.3
EPSS 0.01
CVE-2019-5476 CRITICAL
Nextcloud Lookup-Server < 0.3.0 - Unauthenticated SQL Injection
Aug 07, 2019
CVSS 9.8
EPSS 0.01
CVE-2019-5455 MEDIUM
Nextcloud Android app 3.6.0 - Improper Authentication via Multi-Account Creation Abort
Jul 30, 2019
CVSS 6.8
EPSS 0.00
CVE-2019-5454 CRITICAL
Nextcloud Android App < 3.0.0 - SQL Injection
Jul 30, 2019
CVSS 9.8
EPSS 0.00
CVE-2019-5453 MEDIUM
Nextcloud Android App < 3.3.0 - Authentication Bypass via File Provider Switch
Jul 30, 2019
CVSS 6.1
EPSS 0.00
CVE-2019-5452 LOW
Nextcloud Android App < 3.6.2 - Improper Access Control via Thumbnail Content Provider
Jul 30, 2019
CVSS 2.4
EPSS 0.00
CVE-2019-5451 MEDIUM
Nextcloud Android App < 3.6.1 - Unauthenticated Lock Protection Bypass
Jul 30, 2019
CVSS 4.6
EPSS 0.00
CVE-2019-5450 MEDIUM
Nextcloud Android App < 3.7.0 - Stored Cross-Site Scripting via Directory Name HTML Injection
Jul 30, 2019
CVSS 6.8
EPSS 0.00
CVE-2019-5449 MEDIUM
Nextcloud Server < 15.0.1 - Unauthorized Calendar Event Name Disclosure
Jul 30, 2019
CVSS 4.3
EPSS 0.00
CVE-2019-12739 CRITICAL
Nextcloud Extract < 1.2.0 - Remote Code Execution via RAR Filename Shell Metacharacters
Jun 05, 2019
CVSS 9.0
EPSS 0.01
CVE-2018-16467 MEDIUM
Nextcloud Server < 14.0.0 - Unauthenticated Access to Password-Protected Share Previews
Oct 30, 2018
CVSS 5.3
EPSS 0.00
CVE-2018-16466 HIGH
Nextcloud Server <14.0.0-12.0.11 - Privilege Escalation
Oct 30, 2018
CVSS 8.1
EPSS 0.00
CVE-2018-16465 MEDIUM
Nextcloud Server < 14.0.0 - Improper Authentication via Second Factor Provider Failure
Oct 30, 2018
CVSS 5.3
EPSS 0.00
Products
nextcloud_server 181 nextcloud 28 desktop 27 talk 20 deck 17 mail 15 Nextcloud Server 12 calendar 9 richdocuments 8 contacts 7 user_oidc 7 nextcloud_enterprise_server 6 tables 5 circles 3 group_folders 3 Flow 2 end-to-end_encryption 2 guests 2 news 2 nextcloud_talk 2 notes 2 openid_connect_user_backend 2 preferred_providers 2 server 2 social 2 Nextcloud 1 approval 1 cookbook 1 dialogs 1 extract 1
Quick Filters
Critical CVEs With Exploits In CISA KEV