Vulnerabilidades em nextcloud
288 resultadosCVE-2021-41177HIGHRate-limits not working on instances without configured memory cache backendEPSS 1.5%CVE-2022-29243MEDIUMImproper input-size validation on the user new session name in Nextcloud ServerEPSS 1.4%CVE-2021-32734LOWFile path disclosure of shared files in Nextcloud Text applicationEPSS 1.4%CVE-2021-32678LOWRatelimit not applied on OCS API responsesEPSS 1.4%CVE-2023-25816MEDIUMnextcloud vulnerable to Uncontrolled Resource ConsumptionEPSS 1.4%CVE-2021-32679LOWFilenames not escaped by default in controllers using DownloadResponseEPSS 1.4%CVE-2021-37629MEDIUMLack of ratelimit on Richdocuments OCS endpoint in nextcloudEPSS 1.3%CVE-2021-32741MEDIUMLack of ratelimit on public share link mount endpointEPSS 1.3%CVE-2021-32766MEDIUMNextcloud Text app can disclose existence of folders in "File Drop" link shareEPSS 1.3%CVE-2021-39225HIGHMissing permission check on Deck APIEPSS 1.3%CVE-2021-37631MEDIUMCircle can be accessed by non-Circle members in Nextcloud DeckEPSS 1.2%CVE-2017-0886—Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack. Due to an error in the application logic an authenticatedEPSS 1.2%CVE-2022-24888MEDIUMPossible Injection in Nextcloud ServerEPSS 1.2%CVE-2021-32725LOWDefault share permissions not respected for federated resharesEPSS 1.2%CVE-2021-32653LOWDefault settings leak federated cloud ID to lookup server of all usersEPSS 1.2%CVE-2017-0894—Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. Thus granting EPSS 1.2%CVE-2021-37630MEDIUMSecret Circle can be joined without approval in Nextcloud CirclesEPSS 1.2%CVE-2021-41179MEDIUMTwo-Factor Authentication not enforced for pages marked as publicEPSS 1.2%CVE-2021-32707MEDIUMBypass of image blocking in Nextcloud MailEPSS 1.1%CVE-2023-28997MEDIUMNextcloud Desktop: Initialization vector reuse in E2EE allows malicious server admin to break, manipulate, access filesEPSS 1.1%