security-advisories — Vulnerabilities & Security Advisories 245

All 245 CVE vulnerabilities found in security-advisories, with AI-generated Chinese analysis, references, and POCs.

Vendor: nextcloud

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-22472 | Nextcloud Deck Desktop Client is vulnerable to Cross-Site Request Forgery (CSRF) via malicious link | CWE-352 | 5.3 | Medium | 2023-01-09 |
| CVE-2022-41971 | Nextcloud Talk guests can continue to receive video streams from call after being removed from a conversation | CWE-359 | 4.8 | Medium | 2022-12-01 |
| CVE-2022-41970 | Nextcloud Server's disabled download shares still allow download through preview images | CWE-284 | 2.6 | Low | 2022-12-01 |
| CVE-2022-41969 | Nextcloud Server has no password length limit when creating a user as an administrator | CWE-400 | 2.4 | Low | 2022-12-01 |
| CVE-2022-41968 | Nextcloud Server's calendar name length not validated before writing to database | CWE-400 | 3.5 | Low | 2022-12-01 |
| CVE-2022-39331 | Cross-site Scripting (XSS) in Nextcloud Desktop Client | CWE-79 | 4.6 | Medium | 2022-11-25 |
| CVE-2022-39332 | Cross-site scripting (XSS) in Nextcloud Desktop Client | CWE-79 | 4.6 | Medium | 2022-11-25 |
| CVE-2022-39333 | Cross-site scripting (XSS) in Nextcloud Desktop Client | CWE-79 | 4.6 | Medium | 2022-11-25 |
| CVE-2022-39334 | nextcloudcmd incorrectly trusts bad TLS certificates | CWE-295 | 3.9 | Low | 2022-11-25 |
| CVE-2022-39338 | Stored cross site scripting (XSS) vulnerability via Authorization Endpoint in user_oidc | CWE-20 | 3.5 | Low | 2022-11-25 |
| CVE-2022-39339 | Cleartext Transmission of Sensitive Information in user_oidc | CWE-319 | 4.3 | Medium | 2022-11-25 |
| CVE-2022-39346 | Missing length validation of user displayname in nextcloud server | CWE-400 | 3.5 | Low | 2022-11-25 |
| CVE-2022-41926 | Nextcloud Talk Android broadcast incorrect permission handling | CWE-732 | 3.3 | Low | 2022-11-25 |
| CVE-2022-41882 | Nextcloud Desktop vulnerable to code injection via malicious link | CWE-94 | 6.6 | Medium | 2022-11-11 |
| CVE-2022-39329 | Profile of disabled user stays accessible | CWE-285 | 3.5 | Low | 2022-10-27 |
| CVE-2022-39330 | Database resource exhaustion for logged-in users via sharee recommendations with circles | CWE-400 | 4.8 | Medium | 2022-10-27 |
| CVE-2022-39364 | Exception logging in Sharepoint app reveals clear-text connection details | CWE-312 | 4.0 | Medium | 2022-10-27 |
| CVE-2022-39212 | Last video frame is still sent after video is disabled in a call in Nextcloud Talk | CWE-200 | 4.3 | Medium | 2022-09-16 |
| CVE-2022-39210 | Access to internal files of the Nextcloud Android app | CWE-22 | 3.2 | Low | 2022-09-16 |
| CVE-2022-39211 | Server-Side Request Forgery (SSRF) via potential filter bypass in Nextcloud Server | CWE-918 | 3.0 | Low | 2022-09-16 |
| CVE-2022-36074 | Authentication headers exposed on by Nextcloud Server | CWE-200 | 6.4 | Medium | 2022-09-15 |
| CVE-2022-36075 | File list exposure in Nextcloud Files Access Control | CWE-200 | 2.6 | Low | 2022-09-15 |
| CVE-2022-35931 | Nextcloud Password Policy's generated passwords are not fully validated by HIBPValidator | CWE-261 | 2.7 | Low | 2022-09-06 |
| CVE-2022-35932 | Missing rate limit when trying to join a password protected Nextcloud Talk conversation | CWE-359 | 3.5 | Low | 2022-08-12 |
| CVE-2022-31119 | Password disclosure in log file in Nextcloud Mail App | CWE-532 | 3.1 | Low | 2022-08-04 |
| CVE-2022-31132 | Unauthenticated SSRF in 3rd party module "cerdic/csstidy" | CWE-918 | 8.3 | High | 2022-08-04 |
| CVE-2022-31120 | Federated share accepting/declining is not logged in audit log in Nextcloud Server | CWE-778 | 2.1 | Low | 2022-08-04 |
| CVE-2022-31118 | Missing brute force protection on cloud federation sharing in Nextcloud Server | CWE-770 | 6.5 | Medium | 2022-08-04 |
| CVE-2022-31131 | Ownership check missing when updating or deleting mail attachments in Nextcloud mail | CWE-287 | 5.4 | Medium | 2022-07-06 |
| CVE-2022-31014 | SMTP Command Injection in iCalendar Attachments to emails via newlines in Nextcloud Server | CWE-74 | 5.4 | Medium | 2022-07-05 |
