Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Package Hub 15 SP2 package nextcloud, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (25)
CVE-2021-32802 — CVSS 9.3 (critical): Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews for user provided file content…
CVE-2021-32688 — CVSS 8.8 (high): Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server supports application specific tokens for authentication…
CVE-2021-41178 — CVSS 8.8 (high): Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, a file traversal…
CVE-2020-8233 — CVSS 8.8 (high): A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary…
CVE-2021-41177 — CVSS 8.1 (high): Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud Server did not…
CVE-2021-32800 — CVSS 8.1 (high): Nextcloud server is an open source, self hosted personal cloud. In affected versions an attacker is able to bypass Two Factor…
CVE-2020-8154 — CVSS 7.7 (high): An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when…
CVE-2020-8295 — CVSS 7.5 (high): A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a user.
CVE-2020-8183 — CVSS 7.5 (high): A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call.
CVE-2021-32726 — CVSS 7.1 (high): Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, webauthn tokens were…
CVE-2021-41179 — CVSS 6.5 (medium): Nextcloud is an open-source, self-hosted productivity platform. Prior to Nextcloud Server versions 20.0.13, 21.0.5, and 22.2.0, the…
CVE-2020-8293 — CVSS 6.5 (medium): A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules…
CVE-2021-32801 — CVSS 5.5 (medium): Nextcloud server is an open source, self hosted personal cloud. In affected versions logging of exceptions may have resulted in logging…
CVE-2020-8155 — CVSS 5.4 (medium): An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening…
CVE-2020-8294 — CVSS 5.4 (medium): A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Internet…
CVE-2021-32703 — CVSS 5.3 (medium): Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of…
CVE-2021-32766 — CVSS 5.3 (medium): Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. In affected versions the Nextcloud…
CVE-2021-32705 — CVSS 5.3 (medium): Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of…
CVE-2021-32741 — CVSS 5.3 (medium): Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of…
CVE-2020-8228 — CVSS 5.3 (medium): A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times.
CVE-2021-32678 — CVSS 3.7 (low): Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, ratelimits are not…
CVE-2021-32725 — CVSS 3.5 (low): Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, default share…
CVE-2021-32679 — CVSS 3.5 (low): Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, filenames where not…
CVE-2021-32680 — CVSS 3.3 (low): Nextcloud Server is a Nextcloud package that handles data storage. In versions priot to 19.0.13, 20.0.11, and 21.0.3, Nextcloud Server…
CVE-2021-32734 — CVSS 3.1 (low): Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, the Nextcloud Text…