Vulnerabilities > Nextcloud > Nextcloud Server > 19.0.40
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-07 | CVE-2021-32802 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Nextcloud Server Nextcloud server is an open source, self hosted personal cloud. | 10.0 |
2021-09-07 | CVE-2021-32766 | Information Exposure Through an Error Message vulnerability in Nextcloud Server Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. | 5.0 |
2021-03-03 | CVE-2021-22878 | Cross-site Scripting vulnerability in multiple products Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in `OC.Notification.show`. | 4.8 |
2021-03-03 | CVE-2021-22877 | Missing Authorization vulnerability in multiple products A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users external storage configuration when not already configured yet. | 6.5 |
2021-03-03 | CVE-2020-8296 | Weak Password Requirements vulnerability in multiple products Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured. | 6.7 |
2020-11-16 | CVE-2020-8259 | Insufficiently Protected Credentials vulnerability in Nextcloud Server Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys. | 5.5 |
2020-11-16 | CVE-2020-8152 | Insufficiently Protected Credentials vulnerability in Nextcloud Server Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on. | 2.1 |