Nextcloud Server vulnerabilities
2 known vulnerabilities affecting nextcloud/server.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2021-41179MEDIUMCVSS 6.5≥ 20.0.3, < 20.0.13≥ 21.0.1, < 21.0.5+1 more2021-10-25
CVE-2021-41179 [MEDIUM] CWE-304 CVE-2021-41179: Nextcloud is an open-source, self-hosted productivity platform. Prior to Nextcloud Server versions 2
Nextcloud is an open-source, self-hosted productivity platform. Prior to Nextcloud Server versions 20.0.13, 21.0.5, and 22.2.0, the Two-Factor Authentication wasn't enforced for pages marked as public. Any page marked as `@PublicPage` could thus be accessed with a valid user session that isn't authenticated. This particularly affects the Nextcloud T
nvd
CVE-2021-41178MEDIUMCVSS 6.5≥ 20.0.3, < 20.0.13≥ 21.0.1, < 21.0.5+1 more2021-10-25
CVE-2021-41178 [MEDIUM] CWE-23 CVE-2021-41178: Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, a
Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, a file traversal vulnerability makes an attacker able to download arbitrary SVG images from the host system, including user provided files. This could also be leveraged into a XSS/phishing attack, an attacker could upload a malicious SVG fil
nvd