AVG-2024 log

Package nextcloud
Status Fixed
Severity High
Type multiple issues
Affected 21.0.1-3
Fixed 21.0.2-1
Current 22.2.3-1 [community]
Ticket None
Created Tue Jun 1 19:56:59 2021
Issue Severity Remote Type Description
CVE-2021-32657 Low Yes Denial of service
A security issue has been found in Nextcloud Server before version 21.0.2. A malicious user may be able to break the user administration page. This would...
CVE-2021-32656 Medium Yes Information disclosure
A security issue has been found in Nextcloud Server before version 21.0.2. Nextcloud supports sharing of the registered users with other Nextcloud servers....
CVE-2021-32655 Low Yes Information disclosure
A security issue has been found in Nextcloud Server before version 21.0.2. An attacker is able to convert a Files Drop link to a federated share. This...
CVE-2021-32654 High Yes Arbitrary filesystem access
A security issue has been found in Nextcloud Server before version 21.0.2. An attacker is able to receive write/read privileges on any Federated File Share....
CVE-2021-32653 Low Yes Information disclosure
Nextcloud Server before version 21.0.2 sends user IDs to the lookup server even if the user has no fields set to be published.
CVE-2021-22915 Low Yes Access restriction bypass
Nextcloud server before version 21.0.2 did not consider IPv6 subnets in the ratelimiting implementation. This could potentially result in an attacker...