目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

Nextcloud 厂商漏洞列表 / CVE 中文分析 261

Nextcloud 厂商相关 261 条 CVE 漏洞,含 AI 中文分析、POC、CVSS 评分与受影响产品。

Nextcloud 是一款开源文件同步与共享平台,旨在提供私有云存储解决方案,支持多端数据同步及协作办公。其历史漏洞多集中于远程代码执行、跨站脚本及权限绕过,部分源于集成组件缺陷。项目采用模块化架构,定期发布安全更新以修复已知风险。鉴于已收录 261 条 CVE,用户需保持版本更新,并严格配置访问控制策略,以防范潜在的数据泄露与未授权访问威胁。

上位製品 Nextcloud: security-advisories Nextcloud Server com.nextcloud.client Nextcloud Calendar application Nextcloud Contacts application nextcloud/server nextcloud/talk nextcloud-dialogs news-android android cookbook nextcloudpi Nextcloud
CVE IDタイトルCVSS深刻度公開日
CVE-2022-24888 Possible Injection in Nextcloud Server — security-advisoriesCWE-74 4.3 Medium2022-04-27
CVE-2022-24887 Open Redirect in Nextcloud Talk — security-advisoriesCWE-601 4.3 Medium2022-04-27
CVE-2022-24886 Exposure of Sensitive Information to an Unauthorized Actor in com.nextcloud.client — security-advisoriesCWE-200 2.2 Low2022-04-27
CVE-2022-24885 Improper Authentication in Nextcloud Android Files — security-advisoriesCWE-287 2.0 Low2022-04-27
CVE-2022-24838 Command Injection in Appointment Emails for Nextcloud Calendar — security-advisoriesCWE-74 5.3 Medium2022-04-11
CVE-2021-41233 Missing authorization in Nextcloud text — security-advisoriesCWE-862 6.5 Medium2022-03-10
CVE-2022-24741 High memory usage in Nextcloud server — security-advisoriesCWE-400 3.5 Low2022-03-09
CVE-2021-41241 Advanced permissions is not respected for subfolders in Nextcloud server — security-advisoriesCWE-863 4.3 Medium2022-03-08
CVE-2021-41239 User enumeration setting not respected in Nextcloud server — security-advisoriesCWE-200 5.3 Medium2022-03-08
CVE-2021-41181 Nextcloud Talk app exposes chat messages on lockscreen — security-advisoriesCWE-200 2.4 Low2022-03-08
CVE-2021-41180 Geolocation preview links can be set to arbitrary links in nextcloud talk — security-advisoriesCWE-601 4.7 Medium2022-03-08
CVE-2021-41166 Permission bypass in Nextcloud Android App — security-advisoriesCWE-276 4.3 Medium2022-01-26
CVE-2021-43863 SQL Injection in FileContentProvider (GHSL-2021-1007) — androidCWE-89 7.5 High2022-01-25
CVE-2021-41256 Intent URI permissions manipulation in nextcloud news-android — news-androidCWE-829 5.8 Medium2021-11-30
CVE-2021-39222 XSS in Talk — security-advisoriesCWE-434 6.4 Medium2021-11-15
CVE-2021-41179 Two-Factor Authentication not enforced for pages marked as public — security-advisoriesCWE-304 6.5 Medium2021-10-25
CVE-2021-41178 File Traversal affecting SVG files on Nextcloud Server — security-advisoriesCWE-23 8.8 High2021-10-25
CVE-2021-41177 Rate-limits not working on instances without configured memory cache backend — security-advisoriesCWE-799 8.1 High2021-10-25
CVE-2021-39224 File path disclosure of shared files in OfficeOnline application — security-advisoriesCWE-200 3.5 Low2021-10-25
CVE-2021-39225 Missing permission check on Deck API — security-advisoriesCWE-639 8.1 High2021-10-25
CVE-2021-39223 File path disclosure of shared files in Richdocuments application — security-advisoriesCWE-200 4.8 Medium2021-10-25
CVE-2021-39221 XSS in Contacts — security-advisoriesCWE-434 6.4 Medium2021-10-25
CVE-2021-39220 Bypass of image blocking in Nextcloud Mail — security-advisoriesCWE-20 3.5 Low2021-10-25
CVE-2021-32802 Preview generation used third-party library not suited for user-generated content in Nextcloud server — security-advisoriesCWE-829 9.3 Critical2021-09-07
CVE-2021-32801 Exceptions may have logged Encryption-at-Rest key content in Nextcloud server — security-advisoriesCWE-532 5.5 Medium2021-09-07
CVE-2021-32800 Bypass of Two Factor Authentication in Nextcloud server — security-advisoriesCWE-306 8.1 High2021-09-07
CVE-2021-32766 Nextcloud Text app can disclose existence of folders in "File Drop" link share — security-advisoriesCWE-209 5.3 Medium2021-09-07
CVE-2021-37629 Lack of ratelimit on Richdocuments OCS endpoint in nextcloud — security-advisoriesCWE-200 5.3 Medium2021-09-07
CVE-2021-37628 File Drop can be bypassed using Richdocuments app in nextcloud — security-advisoriesCWE-639 7.5 High2021-09-07
CVE-2021-32782 Cross-Site Scripting in Nextcloud Circles — security-advisoriesCWE-79 5.8 Medium2021-09-07

本页汇总了 Nextcloud 厂商截至目前公开的全部 261 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接,并附带 AI 生成的中文分析以便快速判断风险。