目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1336 CNY

100%

nextcloud 厂商漏洞列表 / CVE 中文分析 288

nextcloud 厂商相关 288 条 CVE 漏洞,含 AI 中文分析、POC、CVSS 评分与受影响产品。

Nextcloud 是一款开源文件同步与共享平台,旨在提供私有云存储解决方案,支持多端数据同步及协作办公。其历史漏洞多集中于远程代码执行、跨站脚本及权限绕过,部分源于集成组件缺陷。项目采用模块化架构,定期发布安全更新以修复已知风险。鉴于已收录 261 条 CVE,用户需保持版本更新,并严格配置访问控制策略,以防范潜在的数据泄露与未授权访问威胁。

CVE IDタイトルCVSS深刻度公開日
CVE-2021-32728 End-to-end encryption device setup did not verify public key — security-advisoriesCWE-295 6.5 Medium2021-08-18
CVE-2021-32748 WOPI API not protected by credentials/IP check — security-advisoriesCWE-862 4.3 Medium2021-07-27
CVE-2021-32741 Lack of ratelimit on public share link mount endpoint — security-advisoriesCWE-799 5.3 Medium2021-07-12
CVE-2021-32734 File path disclosure of shared files in Nextcloud Text application — security-advisoriesCWE-209 3.1 Low2021-07-12
CVE-2021-32733 XSS in Nextcloud Text application — security-advisoriesCWE-79 4.8 Medium2021-07-12
CVE-2021-32727 End-to-end encryption device setup did not verify public key — security-advisoriesCWE-295 5.7 Medium2021-07-12
CVE-2021-32726 Webauthn tokens not removed after user has been deleted — security-advisoriesCWE-708 7.1 High2021-07-12
CVE-2021-32725 Default share permissions not respected for federated reshares — security-advisoriesCWE-277 3.5 Low2021-07-12
CVE-2021-32707 Bypass of image blocking in Nextcloud Mail — security-advisoriesCWE-20 4.3 Medium2021-07-12
CVE-2021-32689 Nextcloud Talk not properly disassociating users from chats after account deletion — security-advisoriesCWE-708 8.1 High2021-07-12
CVE-2021-32705 Lack of ratelimit on public DAV endpoint — security-advisoriesCWE-799 5.3 Medium2021-07-12
CVE-2021-32703 Lack of ratelimit on shareinfo endpoint — security-advisoriesCWE-799 5.3 Medium2021-07-12
CVE-2021-32688 Application specific tokens can change their own scope — security-advisoriesCWE-285 8.8 High2021-07-12
CVE-2021-32680 Audit log is not properly logging unsetting of share expiration date — security-advisoriesCWE-778 3.3 Low2021-07-12
CVE-2021-32679 Filenames not escaped by default in controllers using DownloadResponse — security-advisoriesCWE-116 3.5 Low2021-07-12
CVE-2021-32678 Ratelimit not applied on OCS API responses — security-advisoriesCWE-799 3.7 Low2021-07-12
CVE-2021-32694 Malicious Android application can crash the Nextcloud Android Client — security-advisoriesCWE-248 4.1 Medium2021-06-17
CVE-2021-32695 Malicious Android app could access Shared Preferences of the Nextcloud Android client — security-advisoriesCWE-200 3.9 Low2021-06-17
CVE-2021-32676 Session Fixation in Nextcloud Talk — security-advisoriesCWE-384 6.5 Medium2021-06-16
CVE-2021-32658 Sensitive data may not be removed from storage on account removal — security-advisoriesCWE-200 4.7 Medium2021-06-08
CVE-2021-32657 Malicious user could break user administration page — security-advisoriesCWE-400 4.3 Medium2021-06-01
CVE-2021-32656 Trusted servers exchange can be triggered by attacker — security-advisoriesCWE-284 8.6 High2021-06-01
CVE-2021-32655 Files Drop public link can be added as federated share — security-advisoriesCWE-241 3.5 Low2021-06-01
CVE-2021-32654 Attacker can obtain write access to any federated share/public link — security-advisoriesCWE-639 8.1 High2021-06-01
CVE-2021-32653 Default settings leak federated cloud ID to lookup server of all users — security-advisoriesCWE-201 2.7 Low2021-06-01
CVE-2021-32652 Missing permission check on email metadata retrieval — security-advisoriesCWE-284 8.8 High2021-06-01
CVE-2021-29438 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in @nextcloud/dialogs — nextcloud-dialogsCWE-79 4.6 Medium2021-04-13
CVE-2019-5453 Nextcloud Android app 授权问题漏洞 — com.nextcloud.clientCWE-288 6.1 -2019-07-30
CVE-2019-5455 Nextcloud Android app 授权问题漏洞 — com.nextcloud.clientCWE-288 6.8 -2019-07-30
CVE-2018-3780 NextCloud Server 跨站脚本漏洞 — nextcloud/serverCWE-79 5.4 -2018-08-13

本页汇总了 nextcloud 厂商截至目前公开的全部 288 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接,并附带 AI 生成的中文分析以便快速判断风险。