Vulnerabilities > Nextcloud

DATE CVE VULNERABILITY TITLE RISK
2021-01-06 CVE-2020-8281 Cross-Site Scripting vulnerability in Nextcloud Contacts
A missing file type check in Nextcloud Contacts 3.3.0 allows a malicious user to upload malicious SVG files to perform cross-site scripting (XSS) attacks.
network
nextcloud CWE-79
3.5
2021-01-06 CVE-2020-8280 Cross-Site Scripting vulnerability in Nextcloud Contacts
A missing file type check in Nextcloud Contacts 3.4.0 allows a malicious user to upload SVG files as PNG files to perform cross-site scripting (XSS) attacks.
network
nextcloud CWE-79
3.5
2020-11-19 CVE-2020-8279 Improper Certificate Validation vulnerability in Nextcloud Social
Missing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0 allowed a man-in-the-middle attack.
network
nextcloud CWE-295
5.8
2020-11-19 CVE-2020-8278 Incorrect Authorization vulnerability in Nextcloud Social 0.3.1
Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user.
network
low complexity
nextcloud CWE-863
5.0
2020-11-16 CVE-2020-8259 Insufficiently Protected Credentials vulnerability in Nextcloud
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys.
network
low complexity
nextcloud CWE-522
5.5
2020-11-16 CVE-2020-8152 Insufficiently Protected Credentials vulnerability in Nextcloud
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on.
local
low complexity
nextcloud CWE-522
2.1
2020-11-09 CVE-2020-8150 Missing Encryption of Sensitive Data vulnerability in Nextcloud Server
A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files.
1.9
2020-11-09 CVE-2020-8133 Improper Verification of Cryptographic Signature vulnerability in Nextcloud Server 19.0.1
A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file.
network
low complexity
nextcloud CWE-347
5.0
2020-11-02 CVE-2020-8236 Improper Authentication vulnerability in Nextcloud
A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it.
local
low complexity
nextcloud CWE-287
4.6
2020-11-02 CVE-2020-8183 Insufficiently Protected Credentials vulnerability in Nextcloud
A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call.
network
low complexity
nextcloud CWE-522
5.0