Nextcloud Server vulnerabilities

189 known vulnerabilities affecting nextcloud/nextcloud_server.

Total CVEs: 189
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 42, MEDIUM 125, LOW 15

Vulnerabilities

Page 10 of 10
CVE-2017-0895 | P4 | LOW | CVSS 3.5 | ≥ 10.0.0, < 10.0.4 | ≥ 11.0.0, < 11.0.2 | +1 more | 2017-05-08
[LOW] CWE-285: Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. Note that no actual content of the calendar and addressbook has been disclosed.
Source: NVD
CVE-2024-37314 | P4 | LOW | CVSS 3.5 | ≥ 25.0.0, < 25.0.7 | ≥ 26.0.0, < 26.0.2 | 2024-06-14
[LOW] CWE-284: Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2.
Source: NVD
CVE-2021-32680 | P4 | LOW | CVSS 3.3 | fixed in 19.0.13 | ≥ 20.0.0, < 20.0.11 | +1 more | 2021-07-12
[LOW] CWE-778: Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, Nextcloud Server audit logging functionality wasn't properly logging events for the unsetting of a share expiration date. This event is supposed to be logged. This issue is patched in versions 19.0.13, 20.0.11, and 21.0.3.
Source: NVD
CVE-2021-32653 | P4 | LOW | CVSS 2.7 | fixed in 19.0.11 | ≥ 20.0.0, < 20.0.10 | +1 more | 2021-06-01
[LOW] CWE-201: Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server versions prior to 19.0.11, 20.0.10, or 21.0.2 send user IDs to the lookup server even if the user has no fields set to published. The vulnerability is patched in versions 19.0.11, 20.0.10, and 21.0.2; no workarounds outside the updates are known to exist.
Source: NVD
CVE-2023-48303 | P4 | LOW | CVSS 2.7 | ≥ 25.0.0, < 25.0.11 | ≥ 26.0.0, < 26.0.6 | +1 more | 2023-11-21
[LOW] CWE-284: Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and Nextcloud Enterprise Server, admins can change authentication details of user configured external storage. Nextcloud Server and Nextcloud Enterprise Server versions 25.
Source: NVD
CVE-2018-16463 | P4 | LOW | CVSS 3.1 | fixed in 12.0.8 | ≥ 13.0.0, < 13.0.3 | +2 more | 2018-10-30
[LOW] CWE-384: A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares.
Source: NVD
CVE-2022-31120 | P4 | LOW | CVSS 2.7 | fixed in 22.2.7 | ≥ 23.0.0, < 23.0.4 | 2022-08-04
[LOW]: Nextcloud server is an open source personal cloud solution. The audit log is used to get a full trail of the actions which has been incompletely populated. In affected versions federated share events were not properly logged which would allow brute force attacks to go unnoticed. This behavior exacerbates the impact of CVE-2022-31118. It is recommended that the
Source: NVD
CVE-2022-41969 | P4 | LOW | CVSS 2.7 | ≥ 23.0.0, < 23.0.11 | ≥ 24.0.0, < 24.0.7 | 2022-12-01
[LOW] CWE-400: Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator can cause a limited DoS attack against their own server. Versions 23.0.11, 24.0.7, and 25.0.0 contain a fix for the issue. As a workaround, don't create use
Source: NVD
CVE-2020-8173 | P4 | LOW | CVSS 2.2 | fixed in 17.0.7 | ≥ 18.0.0, < 18.0.5 | +1 more | 2020-11-02
[LOW] CWE-310: A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended.
Source: NVD