Vulnerabilities > Nextcloud > Nextcloud Server > 16.0.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-02 | CVE-2020-8173 | Missing Encryption of Sensitive Data vulnerability in Nextcloud Server A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended. | 3.5 |
| 2020-05-12 | CVE-2020-8155 | Cross-site Scripting vulnerability in Nextcloud Server An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF. | 5.4 |
| 2020-05-12 | CVE-2020-8154 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Server An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint. | 7.7 |
| 2020-03-20 | CVE-2020-8139 | Missing Authorization vulnerability in multiple products A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL. | 6.5 |
| 2020-03-20 | CVE-2020-8138 | Server-Side Request Forgery (SSRF) vulnerability in Nextcloud Server A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL. | 4.0 |
| 2020-02-04 | CVE-2020-8119 | Incorrect Authorization vulnerability in Nextcloud Server Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app. | 4.0 |
| 2020-02-04 | CVE-2019-15617 | Improper Authentication vulnerability in Nextcloud Server A missing check in Nextcloud Server 17.0.0 allowed an attacker to set up a new second factor when trying to login. | 5.5 |
| 2020-02-04 | CVE-2019-15616 | Injection vulnerability in Nextcloud Server Dangling remote share attempts in Nextcloud 16 allow a DNS pollution when running long. | 4.0 |
| 2020-02-04 | CVE-2019-15613 | Insufficient Verification of Data Authenticity vulnerability in multiple products A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes. | 8.0 |