Skip to main content
CVE-2021-35948 MEDIUM This Month

Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the password protection when they can force a target client to use a controlled. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Authentication Bypass Owncloud
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-32782 MEDIUM PATCH This Month

Nextcloud Circles is an open source social network built for the nextcloud ecosystem. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Nextcloud XSS Circles
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-37629 MEDIUM This Month

Nextcloud Richdocuments is an open source collaborative office suite. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nextcloud Microsoft Information Disclosure Richdocuments
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%
CVE-2021-32766 MEDIUM PATCH This Month

Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Nextcloud Information Disclosure Nextcloud Server
NVD GitHub
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-35949 MEDIUM This Month

The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload only shares and list metadata about the share. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Owncloud
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-35947 MEDIUM This Month

The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker to see the internal path and the username of a public share by including invalid characters in the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Owncloud
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-34145 MEDIUM This Month

The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with an invalid Baseband packet type. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Wireless Internet Connectivity For Embedded Devices
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2021-27022 MEDIUM This Month

A flaw was discovered in bolt-server and ace where running a task with sensitive parameters results in those sensitive parameters being logged when they should not be. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Puppet Puppet Enterprise
NVD
CVSS 3.1
4.9
EPSS
0.9%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy