nextcloud

359 tracked vulnerabilities.

CVE-2022-41969 LOW
Nextcloud Server < 23.0.11, 24.0.7, 25.0.0 - Denial of Service via Long Password Creation
Dec 01, 2022
CVSS 2.4
EPSS 0.00
CVE-2022-41968 LOW
Nextcloud Server 23.0.0-23.0.9 - Denial of Service via Calendar Name Length
Dec 01, 2022
CVSS 3.5
EPSS 0.00
CVE-2022-39333 MEDIUM
Nextcloud Desktop < 3.6.1 - Stored Cross-Site Scripting
Nov 25, 2022
CVSS 4.6
EPSS 0.00
CVE-2022-39332 MEDIUM
Nextcloud Desktop < 3.6.1 - Stored Cross-Site Scripting via User Status
Nov 25, 2022
CVSS 4.6
EPSS 0.00
CVE-2022-41926 LOW
Nextcloud Talk < 14.1.0 - Unauthorized Communication Monitoring via Unprotected Broadcast Receiver
Nov 25, 2022
CVSS 3.3
EPSS 0.00
CVE-2022-39346 LOW
Nextcloud Server < 22.2.10 - Denial of Service via Uncontrolled Display Name Length
Nov 25, 2022
CVSS 3.5
EPSS 0.02
CVE-2022-39339 MEDIUM
nextcloud/openid_connect_user_backend < 1.2.1 - Cleartext Transmission of Sensitive Information
Nov 25, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-39338 LOW
nextcloud/openid_connect_user_backend < 1.2.1 - Stored Cross-Site Scripting via Discovery URL Validation
Nov 25, 2022
CVSS 3.5
EPSS 0.00
CVE-2022-39334 LOW
Nextcloud Desktop < 3.6.1 - Improper Certificate Validation in nextcloudcmd CLI
Nov 25, 2022
CVSS 3.9
EPSS 0.00
CVE-2022-39331 MEDIUM
Nextcloud Desktop < 3.6.1 - Stored Cross-Site Scripting in Notification Renderer
Nov 25, 2022
CVSS 4.6
EPSS 0.00
CVE-2022-41882 MEDIUM
Nextcloud Desktop Client <3.6.0 - Code Injection
Nov 11, 2022
CVSS 6.6
EPSS 0.00
CVE-2022-39364 MEDIUM
Nextcloud Server <23.0.9 & Enterprise <22.2.10.5 - Cleartext SharePoint Credentials in Logs
Oct 27, 2022
CVSS 4.0
EPSS 0.00
CVE-2022-39330 MEDIUM
Nextcloud Server < 23.0.10 and Nextcloud Enterprise Server < 22.2.10 - Authenticated Denial of Service via Circles App
Oct 27, 2022
CVSS 4.8
EPSS 0.00
CVE-2022-39329 LOW
Nextcloud Server and Nextcloud Enterprise Server < 23.0.9 - Unauthenticated Information Exposure
Oct 27, 2022
CVSS 3.5
EPSS 0.00
CVE-2022-39212 MEDIUM
Nextcloud Talk < 13.0.8 - Unauthorized Exposure of Last Video Frame
Sep 17, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-39210 LOW
Nextcloud Android < 3.21.0 - Path Traversal
Sep 17, 2022
CVSS 3.2
EPSS 0.00
CVE-2022-39211 LOW
Nextcloud Server < 23.0.8 and Nextcloud Enterprise Server < 22.2.10.4 - Server-Side Request Forgery
Sep 16, 2022
CVSS 3.0
EPSS 0.00
CVE-2022-36075 LOW
Nextcloud Files Access Control <1.12.2-1.14.1 - Info Disclosure
Sep 15, 2022
CVSS 2.6
EPSS 0.00
CVE-2022-36074 MEDIUM
Nextcloud <24.0.3 - Info Disclosure
Sep 15, 2022
CVSS 6.4
EPSS 0.00
CVE-2022-35931 LOW
Nextcloud <22.2.10, <23.0.7, <24.0.3 - Info Disclosure
Sep 06, 2022
CVSS 2.7
EPSS 0.00
CVE-2022-35932 LOW
Nextcloud Talk <12.2.7, 13.0.7, 14.0.3 - Info Disclosure
Aug 12, 2022
CVSS 3.5
EPSS 0.01
CVE-2022-31119 LOW
Nextcloud Mail <1.12.1 - Info Disclosure
Aug 04, 2022
CVSS 3.1
EPSS 0.00
CVE-2022-31132 HIGH
Nextcloud Mail < 1.12.8 - Server-Side Request Forgery via CSS Minifier
Aug 04, 2022
CVSS 8.3
EPSS 0.00
CVE-2022-31120 LOW
Nextcloud <22.2.7, <23.0.4, <24.0.0 - Info Disclosure
Aug 04, 2022
CVSS 2.1
EPSS 0.00
CVE-2022-31118 MEDIUM
Nextcloud <22.2.8, <23.0.5, <24.0.1 - Info Disclosure
Aug 04, 2022
CVSS 6.5
EPSS 0.00
Products
nextcloud_server 181 nextcloud 28 desktop 27 talk 20 deck 17 mail 15 Nextcloud Server 12 calendar 9 richdocuments 8 contacts 7 user_oidc 7 nextcloud_enterprise_server 6 tables 5 circles 3 group_folders 3 Flow 2 end-to-end_encryption 2 guests 2 news 2 nextcloud_talk 2 notes 2 openid_connect_user_backend 2 preferred_providers 2 server 2 social 2 Nextcloud 1 approval 1 cookbook 1 dialogs 1 extract 1
Quick Filters
Critical CVEs With Exploits In CISA KEV