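nextcloud vendor vulnerability list / CVE analysis in Chinese (261)

261 CVE vulnerabilities related to the vendor nextcloud, with AI-generated Chinese analysis, POC, CVSS scores and affected products.

Nextcloud is an open-source file sync and share platform intended to provide a private cloud storage solution, with support for multi-device data synchronization and collaborative work. Its historical vulnerabilities are concentrated in remote code execution, cross-site scripting and permission bypass, and some stem from defects in integrated components. The project uses a modular architecture and regularly releases security updates to fix known risks. Given that 261 CVEs have been recorded, users should keep their versions up to date and configure access control policies strictly to guard against potential data leaks and unauthorized access.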

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2022-39334 | nextcloudcmd incorrectly trusts bad TLS certificates — security-advisories | CWE-295 | 3.9 | Low | 2022-11-25 |
| CVE-2022-39338 | Stored cross site scripting (XSS) vulnerability via Authorization Endpoint in user_oidc — security-advisories | CWE-20 | 3.5 | Low | 2022-11-25 |
| CVE-2022-39339 | Cleartext Transmission of Sensitive Information in user_oidc — security-advisories | CWE-319 | 4.3 | Medium | 2022-11-25 |
| CVE-2022-39346 | Missing length validation of user displayname in nextcloud server — security-advisories | CWE-400 | 3.5 | Low | 2022-11-25 |
| CVE-2022-41926 | Nextcloud Talk Android broadcast incorrect permission handling — security-advisories | CWE-732 | 3.3 | Low | 2022-11-25 |
| CVE-2022-41882 | Nextcloud Desktop vulnerable to code injection via malicious link — security-advisories | CWE-94 | 6.6 | Medium | 2022-11-11 |
| CVE-2022-39329 | Profile of disabled user stays accessible — security-advisories | CWE-285 | 3.5 | Low | 2022-10-27 |
| CVE-2022-39330 | Database resource exhaustion for logged-in users via sharee recommendations with circles — security-advisories | CWE-400 | 4.8 | Medium | 2022-10-27 |
| CVE-2022-39364 | Exception logging in Sharepoint app reveals clear-text connection details — security-advisories | CWE-312 | 4.0 | Medium | 2022-10-27 |
| CVE-2022-39212 | Last video frame is still sent after video is disabled in a call in Nextcloud Talk — security-advisories | CWE-200 | 4.3 | Medium | 2022-09-16 |
| CVE-2022-39210 | Access to internal files of the Nextcloud Android app — security-advisories | CWE-22 | 3.2 | Low | 2022-09-16 |
| CVE-2022-39211 | Server-Side Request Forgery (SSRF) via potential filter bypass in Nextcloud Server — security-advisories | CWE-918 | 3.0 | Low | 2022-09-16 |
| CVE-2022-36074 | Authentication headers exposed on by Nextcloud Server — security-advisories | CWE-200 | 6.4 | Medium | 2022-09-15 |
| CVE-2022-36075 | File list exposure in Nextcloud Files Access Control — security-advisories | CWE-200 | 2.6 | Low | 2022-09-15 |
| CVE-2022-35931 | Nextcloud Password Policy's generated passwords are not fully validated by HIBPValidator — security-advisories | CWE-261 | 2.7 | Low | 2022-09-06 |
| CVE-2022-35932 | Missing rate limit when trying to join a password protected Nextcloud Talk conversation — security-advisories | CWE-359 | 3.5 | Low | 2022-08-12 |
| CVE-2022-31119 | Password disclosure in log file in Nextcloud Mail App — security-advisories | CWE-532 | 3.1 | Low | 2022-08-04 |
| CVE-2022-31132 | Unauthenticated SSRF in 3rd party module "cerdic/csstidy" — security-advisories | CWE-918 | 8.3 | High | 2022-08-04 |
| CVE-2022-31120 | Federated share accepting/declining is not logged in audit log in Nextcloud Server — security-advisories | CWE-778 | 2.1 | Low | 2022-08-04 |
| CVE-2022-31118 | Missing brute force protection on cloud federation sharing in Nextcloud Server — security-advisories | CWE-770 | 6.5 | Medium | 2022-08-04 |
| CVE-2022-31131 | Ownership check missing when updating or deleting mail attachments in Nextcloud mail — security-advisories | CWE-287 | 5.4 | Medium | 2022-07-06 |
| CVE-2022-31014 | SMTP Command Injection in iCalendar Attachments to emails via newlines in Nextcloud Server — security-advisories | CWE-74 | 5.4 | Medium | 2022-07-05 |
| CVE-2022-31024 | Federated editing allows iframing remote servers by default in richdocuments — security-advisories | CWE-284 | 6.5 | Medium | 2022-06-02 |
| CVE-2022-29243 | Improper input-size validation on the user new session name in Nextcloud Server — security-advisories | CWE-20 | 4.3 | Medium | 2022-05-31 |
| CVE-2022-29163 | Bypass of password requirements when sharing a folder via the Circles app in Nextcloud Server — security-advisories | CWE-671 | 3.5 | Low | 2022-05-20 |
| CVE-2022-29160 | Sensitive files/data exist after deletion of user account in Nextcloud Android — security-advisories | CWE-284 | 2.8 | Low | 2022-05-20 |
| CVE-2022-24906 | Error in deleting deck cards attachment reveals the full application path in Nextcloud Deck — security-advisories | CWE-200 | 3.5 | Low | 2022-05-20 |
| CVE-2022-29159 | Possibility for anyone to add a stack with existing tasks on anyone's board in Nextcloud Deck — security-advisories | CWE-639 | 5.0 | Medium | 2022-05-20 |
| CVE-2022-24890 | Exposure of Private Personal Information to an Unauthorized Actor in Nextcloud Talk — security-advisories | CWE-359 | 2.4 | Low | 2022-05-17 |
| CVE-2022-24889 | Insufficient Verification of Data Authenticity in Nextcloud Server — security-advisories | CWE-345 | 2.4 | Low | 2022-04-27 |

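This page summarizes all 261 CVE vulnerabilities publicly disclosed to date for the vendor nextcloud. Each entry includes its CVSS score, CWE weakness classification, affected products and reference links, along with an AI-generated analysis in Chinese for quick risk assessment.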