security-advisories — Vulnerabilities & Security Advisories 245

All 245 CVE vulnerabilities found in security-advisories, with AI-generated Chinese analysis, references, and POCs.

Vendor: nextcloud

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2021-32801 | Exceptions may have logged Encryption-at-Rest key content in Nextcloud server | CWE-532 | 5.5 | Medium | 2021-09-07 |
| CVE-2021-32800 | Bypass of Two Factor Authentication in Nextcloud server | CWE-306 | 8.1 | High | 2021-09-07 |
| CVE-2021-32766 | Nextcloud Text app can disclose existence of folders in "File Drop" link share | CWE-209 | 5.3 | Medium | 2021-09-07 |
| CVE-2021-37629 | Lack of ratelimit on Richdocuments OCS endpoint in nextcloud | CWE-200 | 5.3 | Medium | 2021-09-07 |
| CVE-2021-37628 | File Drop can be bypassed using Richdocuments app in nextcloud | CWE-639 | 7.5 | High | 2021-09-07 |
| CVE-2021-32782 | Cross-Site Scripting in Nextcloud Circles | CWE-79 | 5.8 | Medium | 2021-09-07 |
| CVE-2021-37630 | Secret Circle can be joined without approval in Nextcloud Circles | CWE-639 | 6.5 | Medium | 2021-09-07 |
| CVE-2021-37631 | Circle can be accessed by non-Circle members in Nextcloud Deck | CWE-639 | 6.5 | Medium | 2021-09-07 |
| CVE-2021-37617 | Untrusted Search Path in Nextcloud Desktop Client | CWE-426 | 7.3 | High | 2021-08-18 |
| CVE-2021-32728 | End-to-end encryption device setup did not verify public key | CWE-295 | 6.5 | Medium | 2021-08-18 |
| CVE-2021-32748 | WOPI API not protected by credentials/IP check | CWE-862 | 4.3 | Medium | 2021-07-27 |
| CVE-2021-32741 | Lack of ratelimit on public share link mount endpoint | CWE-799 | 5.3 | Medium | 2021-07-12 |
| CVE-2021-32734 | File path disclosure of shared files in Nextcloud Text application | CWE-209 | 3.1 | Low | 2021-07-12 |
| CVE-2021-32733 | XSS in Nextcloud Text application | CWE-79 | 4.8 | Medium | 2021-07-12 |
| CVE-2021-32727 | End-to-end encryption device setup did not verify public key | CWE-295 | 5.7 | Medium | 2021-07-12 |
| CVE-2021-32726 | Webauthn tokens not removed after user has been deleted | CWE-708 | 7.1 | High | 2021-07-12 |
| CVE-2021-32725 | Default share permissions not respected for federated reshares | CWE-277 | 3.5 | Low | 2021-07-12 |
| CVE-2021-32707 | Bypass of image blocking in Nextcloud Mail | CWE-20 | 4.3 | Medium | 2021-07-12 |
| CVE-2021-32689 | Nextcloud Talk not properly disassociating users from chats after account deletion | CWE-708 | 8.1 | High | 2021-07-12 |
| CVE-2021-32705 | Lack of ratelimit on public DAV endpoint | CWE-799 | 5.3 | Medium | 2021-07-12 |
| CVE-2021-32703 | Lack of ratelimit on shareinfo endpoint | CWE-799 | 5.3 | Medium | 2021-07-12 |
| CVE-2021-32688 | Application specific tokens can change their own scope | CWE-285 | 8.8 | High | 2021-07-12 |
| CVE-2021-32680 | Audit log is not properly logging unsetting of share expiration date | CWE-778 | 3.3 | Low | 2021-07-12 |
| CVE-2021-32679 | Filenames not escaped by default in controllers using DownloadResponse | CWE-116 | 3.5 | Low | 2021-07-12 |
| CVE-2021-32678 | Ratelimit not applied on OCS API responses | CWE-799 | 3.7 | Low | 2021-07-12 |
| CVE-2021-32694 | Malicious Android application can crash the Nextcloud Android Client | CWE-248 | 4.1 | Medium | 2021-06-17 |
| CVE-2021-32695 | Malicious Android app could access Shared Preferences of the Nextcloud Android client | CWE-200 | 3.9 | Low | 2021-06-17 |
| CVE-2021-32676 | Session Fixation in Nextcloud Talk | CWE-384 | 6.5 | Medium | 2021-06-16 |
| CVE-2021-32658 | Sensitive data may not be removed from storage on account removal | CWE-200 | 4.7 | Medium | 2021-06-08 |
| CVE-2021-32657 | Malicious user could break user administration page | CWE-400 | 4.3 | Medium | 2021-06-01 |
