GCVE - cpe:2.3:a:n/a:nextcloud_server_&_owncloud_server_nextcloud_server_before_9.0.54_and_10.0.1_&_owncloud_server_before_9.0.6_and

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:nextcloud_server_&_owncloud_server_nextcloud_server_before_9.0.54_and_10.0.1_&_owncloud_server_before_9.0.6_and_9.1.2:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Nextcloud Server & Owncloud Server Nextcloud Server Before 9.0.54 And 10.0.1 & Owncloud Server Before 9.0.6 And 9.1.2 (`d44d819a-1dc5-5eff-b25d-3400cd1e2c03`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2016-9468`	vulnerable	2026-06-08 05:08:23.955492	Details available Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information. Published: 2017-03-28T02:46:00.000Z Updated: 2024-08-06T02:50:38.587Z Open on db.gcve.eu Reference links https://owncloud.org/security/advisory/?id=oc-sa-2016-021 https://github.com/nextcloud/server/commit/a4cfb3ddc1f4cdb585e05c0e9b2f8e52a0e2ee3e https://github.com/nextcloud/server/commit/7350e13113c8ed484727a5c25331ec11d4d59f5f https://github.com/owncloud/core/commit/96b8afe48570bc70088ccd8f897e9d71997d336e https://hackerone.com/reports/149798	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-9467`	vulnerable	2026-06-08 05:08:23.954941	Details available Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user. Published: 2017-03-28T02:46:00.000Z Updated: 2024-08-06T02:50:38.429Z Open on db.gcve.eu Reference links https://github.com/nextcloud/server/commit/5dd211cc8845fd4533966bf8d7a7f2a6359ea013 https://github.com/nextcloud/server/commit/ed0f0db5fa0aff04594cb0f973ae4c22b17a175a https://nextcloud.com/security/advisory/?id=nc-sa-2016-010 https://github.com/nextcloud/server/commit/df50e967dbd27b13875625b7dd3189294619b071 https://github.com/owncloud/core/commit/768221fcf3c526c65d85f62b0efa2da5ea00bf2d	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Nextcloud Server & Owncloud Server Nextcloud Server Before 9.0.54 And 10.0.1 & Owncloud Server Before 9.0.6 And 9.1.2

PURL mappings

Vulnerability references

Contribute