Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

security-advisories — Vulnerabilities & Security Advisories 245

All 245 CVE vulnerabilities found in security-advisories, with AI-generated Chinese analysis, references, and POCs.

Vendor: nextcloud

CVE IDTitleCVSSSeverityPublished
CVE-2022-31024 Federated editing allows iframing remote servers by default in richdocuments CWE-284 6.5 Medium2022-06-02
CVE-2022-29243 Improper input-size validation on the user new session name in Nextcloud Server CWE-20 4.3 Medium2022-05-31
CVE-2022-29163 Bypass of password requirements when sharing a folder via the Circles app in Nextcloud Server CWE-671 3.5 Low2022-05-20
CVE-2022-29160 Sensitive files/data exist after deletion of user account in Nextcloud Android CWE-284 2.8 Low2022-05-20
CVE-2022-24906 Error in deleting deck cards attachment reveals the full application path in Nextcloud Deck CWE-200 3.5 Low2022-05-20
CVE-2022-29159 Possibility for anyone to add a stack with existing tasks on anyone's board in Nextcloud Deck CWE-639 5.0 Medium2022-05-20
CVE-2022-24890 Exposure of Private Personal Information to an Unauthorized Actor in Nextcloud Talk CWE-359 2.4 Low2022-05-17
CVE-2022-24889 Insufficient Verification of Data Authenticity in Nextcloud Server CWE-345 2.4 Low2022-04-27
CVE-2022-24888 Possible Injection in Nextcloud Server CWE-74 4.3 Medium2022-04-27
CVE-2022-24887 Open Redirect in Nextcloud Talk CWE-601 4.3 Medium2022-04-27
CVE-2022-24886 Exposure of Sensitive Information to an Unauthorized Actor in com.nextcloud.client CWE-200 2.2 Low2022-04-27
CVE-2022-24885 Improper Authentication in Nextcloud Android Files CWE-287 2.0 Low2022-04-27
CVE-2022-24838 Command Injection in Appointment Emails for Nextcloud Calendar CWE-74 5.3 Medium2022-04-11
CVE-2021-41233 Missing authorization in Nextcloud text CWE-862 6.5 Medium2022-03-10
CVE-2022-24741 High memory usage in Nextcloud server CWE-400 3.5 Low2022-03-09
CVE-2021-41241 Advanced permissions is not respected for subfolders in Nextcloud server CWE-863 4.3 Medium2022-03-08
CVE-2021-41239 User enumeration setting not respected in Nextcloud server CWE-200 5.3 Medium2022-03-08
CVE-2021-41181 Nextcloud Talk app exposes chat messages on lockscreen CWE-200 2.4 Low2022-03-08
CVE-2021-41180 Geolocation preview links can be set to arbitrary links in nextcloud talk CWE-601 4.7 Medium2022-03-08
CVE-2021-41166 Permission bypass in Nextcloud Android App CWE-276 4.3 Medium2022-01-26
CVE-2021-39222 XSS in Talk CWE-434 6.4 Medium2021-11-15
CVE-2021-41179 Two-Factor Authentication not enforced for pages marked as public CWE-304 6.5 Medium2021-10-25
CVE-2021-41178 File Traversal affecting SVG files on Nextcloud Server CWE-23 8.8 High2021-10-25
CVE-2021-41177 Rate-limits not working on instances without configured memory cache backend CWE-799 8.1 High2021-10-25
CVE-2021-39224 File path disclosure of shared files in OfficeOnline application CWE-200 3.5 Low2021-10-25
CVE-2021-39225 Missing permission check on Deck API CWE-639 8.1 High2021-10-25
CVE-2021-39223 File path disclosure of shared files in Richdocuments application CWE-200 4.8 Medium2021-10-25
CVE-2021-39221 XSS in Contacts CWE-434 6.4 Medium2021-10-25
CVE-2021-39220 Bypass of image blocking in Nextcloud Mail CWE-20 3.5 Low2021-10-25
CVE-2021-32802 Preview generation used third-party library not suited for user-generated content in Nextcloud server CWE-829 9.3 Critical2021-09-07

All 245 known CVE vulnerabilities affecting security-advisories with full Chinese analysis, references, and POCs where available.