<hr>

<h2>2018</h2>

<h3>Nextcloud Server 14.0.0</h3>
<ul>
	<li><a href="/security/advisory/?id=NC-SA-2018-014">Improper access control checks for single share previews (NC-SA-2018-014)</a> 2018-10-25</li>
	<li><a href="/security/advisory/?id=NC-SA-2018-013">Session fixation on public share page (NC-SA-2018-013)</a> 2018-10-25</li>
	<li><a href="/security/advisory/?id=NC-SA-2018-012">Improper authentication on public shares (NC-SA-2018-012)</a> 2018-10-25</li>
	<li><a href="/security/advisory/?id=NC-SA-2018-011">Second factor authentication bypassed if provider fails to load (NC-SA-2018-011)</a> 2018-10-25</li>
	<li><a href="/security/advisory/?id=NC-SA-2018-010">Improper validation of permissions (NC-SA-2018-010)</a> 2018-10-25</li>
</ul>

<h3>Nextcloud Server 13.0.6</h3>
<ul>
	<li><a href="/security/advisory/?id=NC-SA-2018-010">Improper validation of permissions (NC-SA-2018-010)</a> 2018-10-25</li>
</ul>

<h3>Nextcloud Server 12.0.11</h3>
<ul>
	<li><a href="/security/advisory/?id=NC-SA-2018-010">Improper validation of permissions (NC-SA-2018-010)</a> 2018-10-25</li>
</ul>

<h3>Nextcloud Server 13.0.3</h3>
<ul>
	<li><a href="/security/advisory/?id=NC-SA-2018-013">Session fixation on public share page (NC-SA-2018-013)</a> 2018-10-25</li>
</ul>

<h3>Nextcloud Server 12.0.8</h3>
<ul>
	<li><a href="/security/advisory/?id=NC-SA-2018-013">Session fixation on public share page (NC-SA-2018-013)</a> 2018-10-25</li>
</ul>

<h3>Nextcloud Server 13.0.5</h3>
<ul>
	<li><a href="/security/advisory/?id=NC-SA-2018-008">Stored XSS in autocomplete suggestions for file comments (NC-SA-2018-008)</a> 2018-08-10</li>
</ul>

<h3>Talk App 3.2.5</h3>
<ul>
	<li><a href="/security/advisory/?id=NC-SA-2018-009">Stored XSS in autocomplete suggestions for chat @-mentions (NC-SA-2018-009)</a> 2018-08-10</li>
</ul>

<h3>Nextcloud Server 12.0.3</h3>
<ul>
	<li><a href="/security/advisory/?id=NC-SA-2018-007">Bypass of 2 Factor Authentication (NC-SA-2018-007)</a> 2018-08-03</li>
	<li><a href="/security/advisory/?id=NC-SA-2018-006">Improper validation of data passed to JSON encoder (NC-SA-2018-006)</a> 2018-08-03</li>
</ul>

<h3>Nextcloud Server 11.0.5</h3>
<ul>
	<li><a href="/security/advisory/?id=NC-SA-2018-006">Improper validation of data passed to JSON encoder (NC-SA-2018-006)</a> 2018-08-03</li>
</ul>

<h3>Nextcloud Server 13.0.3</h3>
<ul>
	<li><a href="/security/advisory/?id=NC-SA-2018-003">Improper validation on OAuth2 token endpoint (NC-SA-2018-003)</a> 2018-06-21</li>
	<li><a href="/security/advisory/?id=NC-SA-2018-002">File access control rules not applied to image previews (NC-SA-2018-002)</a> 2018-06-21</li>
</ul>

<h3>Nextcloud Server 12.0.8</h3>
<ul>
	<li><a href="/security/advisory/?id=NC-SA-2018-003">Improper validation on OAuth2 token endpoint (NC-SA-2018-003)</a> 2018-06-21</li>
	<li><a href="/security/advisory/?id=NC-SA-2018-002">File access control rules not applied to image previews (NC-SA-2018-002)</a> 2018-06-21</li>
</ul>

<h3>Calendar App 1.6.1</h3>
<ul>
	<li><a href="/security/advisory/?id=NC-SA-2018-004">Stored XSS in calendar via group shares (NC-SA-2018-004)</a> 2018-06-21</li>
</ul>

<h3>Calendar App 1.5.8</h3>
<ul>
	<li><a href="/security/advisory/?id=NC-SA-2018-004">Stored XSS in calendar via group shares (NC-SA-2018-004)</a> 2018-06-21</li>
</ul>

<h3>Contacts App 2.1.2</h3>
<ul>
	<li><a href="/security/advisory/?id=NC-SA-2018-005">Stored XSS in contacts via group shares (NC-SA-2018-005)</a> 2018-06-21</li>
</ul>

<h3>Nextcloud Server 12.0.5</h3>
<ul>
	<li><a href="/security/advisory/?id=NC-SA-2018-001">App password scope can be changed for other users (NC-SA-2018-001)</a> 2018-02-07</li>
</ul>

<h3>Nextcloud Server 11.0.7</h3>
<ul>
	<li><a href="/security/advisory/?id=NC-SA-2018-001">App password scope can be changed for other users (NC-SA-2018-001)</a> 2018-02-07</li>
</ul>

<hr>

<h2>2017</h2>

<h3>Nextcloud Server 11.0.3</h3>
<ul>
	<li><a href="/security/advisory/?id=NC-SA-2017-011">Share tokens for public calendars disclosed (NC-SA-2017-011)</a> 2017-05-08</li>
	<li><a href="/security/advisory/?id=NC-SA-2017-010">Stored XSS in Gallery application (NC-SA-2017-010)</a> 2017-05-08</li>
	<li><a href="/security/advisory/?id=NC-SA-2017-009">Limitation of app specific password scope can be bypassed (NC-SA-2017-009)</a> 2017-05-08</li>
	<li><a href="/security/advisory/?id=NC-SA-2017-008">Reflected XSS in error pages (NC-SA-2017-008)</a> 2017-05-08</li>
	<li><a href="/security/advisory/?id=NC-SA-2017-007">DOM XSS vulnerability in search dialogue (NC-SA-2017-007)</a> 2017-05-08</li>
</ul>

<h3>Nextcloud Server 10.0.5</h3>
<ul>
	<li><a href="/security/advisory/?id=NC-SA-2017-010">Stored XSS in Gallery application (NC-SA-2017-010)</a> 2017-05-08</li>
	<li><a href="/security/advisory/?id=NC-SA-2017-008">Reflected XSS in error pages (NC-SA-2017-008)</a> 2017-05-08</li>
</ul>

<h3>Nextcloud Server 9.0.58</h3>
<ul>
	<li><a href="/security/advisory/?id=NC-SA-2017-010">Stored XSS in Gallery application (NC-SA-2017-010)</a> 2017-05-08</li>
	<li><a href="/security/advisory/?id=NC-SA-2017-008">Reflected XSS in error pages (NC-SA-2017-008)</a> 2017-05-08</li>
</ul>

<h3>Nextcloud Server 11.0.2</h3>
<ul>
	<li><a href="/security/advisory/?id=NC-SA-2017-012">Calendar and addressbook names disclosed (NC-SA-2017-012)</a> 2017-05-08</li>
</ul>

<h3>Nextcloud Server 10.0.4</h3>
<ul>
	<li><a href="/security/advisory/?id=NC-SA-2017-012">Calendar and addressbook names disclosed (NC-SA-2017-012)</a> 2017-05-08</li>
</ul>

<h3>Nextcloud Server 10.0.2</h3>
<ul>
	<li><a href="/security/advisory/?id=NC-SA-2017-006">Content-Spoofing in &quot;files&quot; app (NC-SA-2017-006)</a> 2017-02-05</li>
	<li><a href="/security/advisory/?id=NC-SA-2017-005">Bypassing quota limitation (NC-SA-2017-005)</a> 2017-02-05</li>
	<li><a href="/security/advisory/?id=NC-SA-2017-004">Denial of Service attack (NC-SA-2017-004)</a> 2017-02-05</li>
	<li><a href="/security/advisory/?id=NC-SA-2017-003">Error message discloses existence of file in write-only share (NC-SA-2017-003)</a> 2017-02-05</li>
	<li><a href="/security/advisory/?id=NC-SA-2017-002">Creation of folders in read-only folders despite lacking permissions (NC-SA-2017-002)</a> 2017-02-05</li>
	<li><a href="/security/advisory/?id=NC-SA-2017-001">Permission increase on re-sharing via OCS API (NC-SA-2017-001)</a> 2017-02-05</li>
</ul>

<h3>Nextcloud Server 9.0.55</h3>
<ul>
	<li><a href="/security/advisory/?id=NC-SA-2017-006">Content-Spoofing in &quot;files&quot; app (NC-SA-2017-006)</a> 2017-02-05</li>
	<li><a href="/security/advisory/?id=NC-SA-2017-005">Bypassing quota limitation (NC-SA-2017-005)</a> 2017-02-05</li>
	<li><a href="/security/advisory/?id=NC-SA-2017-004">Denial of Service attack (NC-SA-2017-004)</a> 2017-02-05</li>
	<li><a href="/security/advisory/?id=NC-SA-2017-003">Error message discloses existence of file in write-only share (NC-SA-2017-003)</a> 2017-02-05</li>
	<li><a href="/security/advisory/?id=NC-SA-2017-002">Creation of folders in read-only folders despite lacking permissions (NC-SA-2017-002)</a> 2017-02-05</li>
	<li><a href="/security/advisory/?id=NC-SA-2017-001">Permission increase on re-sharing via OCS API (NC-SA-2017-001)</a> 2017-02-05</li>
</ul>

<hr>

<h2>2016</h2>

<h3>Nextcloud Server 10.0.1</h3>
<ul>
	<li><a href="/security/advisory/?id=NC-SA-2016-011">Content-Spoofing in &quot;dav&quot; app (NC-SA-2016-011)</a> 2016-10-10</li>
	<li><a href="/security/advisory/?id=NC-SA-2016-010">Content-Spoofing in &quot;files&quot; app (NC-SA-2016-010)</a> 2016-10-10</li>
	<li><a href="/security/advisory/?id=NC-SA-2016-009">Reflected XSS in Gallery application (NC-SA-2016-009)</a> 2016-10-10</li>
	<li><a href="/security/advisory/?id=NC-SA-2016-008">Stored XSS in CardDAV image export (NC-SA-2016-008)</a> 2016-10-10</li>
	<li><a href="/security/advisory/?id=NC-SA-2016-006">SMB User Authentication Bypass (NC-SA-2016-006)</a> 2016-10-10</li>
</ul>

<h3>Nextcloud Server 9.0.54</h3>
<ul>
	<li><a href="/security/advisory/?id=NC-SA-2016-011">Content-Spoofing in &quot;dav&quot; app (NC-SA-2016-011)</a> 2016-10-10</li>
	<li><a href="/security/advisory/?id=NC-SA-2016-010">Content-Spoofing in &quot;files&quot; app (NC-SA-2016-010)</a> 2016-10-10</li>
	<li><a href="/security/advisory/?id=NC-SA-2016-007">Improper authorization check on removing shares (NC-SA-2016-007)</a> 2016-10-10</li>
	<li><a href="/security/advisory/?id=NC-SA-2016-006">SMB User Authentication Bypass (NC-SA-2016-006)</a> 2016-10-10</li>
</ul>

<h3>Nextcloud Server 10.0.0</h3>
<ul>
	<li><a href="/security/advisory/?id=NC-SA-2016-007">Improper authorization check on removing shares (NC-SA-2016-007)</a> 2016-10-10</li>
</ul>

<h3>Nextcloud Server 9.0.52</h3>
<ul>
	<li><a href="/security/advisory/?id=NC-SA-2016-005">Read-only share recipient can restore old versions of file (NC-SA-2016-005)</a> 2016-07-19</li>
	<li><a href="/security/advisory/?id=NC-SA-2016-004">Edit permission check not enforced on WebDAV COPY action (NC-SA-2016-004)</a> 2016-07-19</li>
	<li><a href="/security/advisory/?id=NC-SA-2016-003">Content-Spoofing in &quot;files&quot; app (NC-SA-2016-003)</a> 2016-07-19</li>
	<li><a href="/security/advisory/?id=NC-SA-2016-002">Log pollution can potentially lead to local HTML injection (NC-SA-2016-002)</a> 2016-07-19</li>
	<li><a href="/security/advisory/?id=NC-SA-2016-001">Stored XSS in &quot;gallery&quot; application (NC-SA-2016-001)</a> 2016-07-19</li>
</ul>