Vulnerabilities > Nextcloud > Nextcloud Server > 10.0.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-30 | CVE-2018-16465 | Improper Authentication vulnerability in Nextcloud Server Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the the provider of the second factor failed to load. | 4.3 |
| 2018-10-30 | CVE-2018-16464 | Improper Authentication vulnerability in Nextcloud Server A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password. | 3.5 |
| 2018-10-30 | CVE-2018-16463 | Session Fixation vulnerability in Nextcloud Server A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares. | 3.6 |
| 2018-08-13 | CVE-2018-3780 | Cross-site Scripting vulnerability in Nextcloud Server A missing sanitization of search results for an autocomplete field in NextCloud Server <13.0.5 could lead to a stored XSS requiring user-interaction. | 3.5 |
| 2018-08-12 | CVE-2018-3775 | Improper Authentication vulnerability in Nextcloud Server Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication. | 8.8 |
| 2018-07-05 | CVE-2018-3762 | Improper Preservation of Permissions vulnerability in Nextcloud Server Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks of dropped permissions for incoming shares allowing a user to still request previews for files it should not have access to. | 4.3 |
| 2018-07-05 | CVE-2018-3761 | Improper Authentication vulnerability in Nextcloud Server Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint. | 8.1 |
| 2018-03-28 | CVE-2017-0936 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Server Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. | 4.9 |
| 2017-05-08 | CVE-2017-0895 | Information Exposure vulnerability in Nextcloud Server Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users. | 3.5 |
| 2017-05-08 | CVE-2017-0894 | Incorrect Authorization vulnerability in Nextcloud Server Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. | 4.3 |