Vulnerabilities > Nextcloud > Nextcloud Server > 19.0.5

DATE CVE VULNERABILITY TITLE RISK
2021-06-01 CVE-2021-32655 Unspecified vulnerability in Nextcloud Server
Nextcloud Server is a Nextcloud package that handles data storage.
network
low complexity
nextcloud
3.5
2021-06-01 CVE-2021-32653 Unspecified vulnerability in Nextcloud Server
Nextcloud Server is a Nextcloud package that handles data storage.
network
low complexity
nextcloud
2.7
2021-03-03 CVE-2021-22878 Cross-site Scripting vulnerability in multiple products
Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in `OC.Notification.show`.
network
low complexity
nextcloud fedoraproject CWE-79
4.8
2021-03-03 CVE-2021-22877 Missing Authorization vulnerability in multiple products
A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users external storage configuration when not already configured yet.
network
low complexity
nextcloud fedoraproject CWE-862
6.5
2021-03-03 CVE-2020-8296 Weak Password Requirements vulnerability in multiple products
Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured.
local
low complexity
nextcloud fedoraproject CWE-521
6.7
2021-01-26 CVE-2020-8295 Resource Exhaustion vulnerability in Nextcloud Server
A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a user.
network
low complexity
nextcloud CWE-400
7.5
2020-11-16 CVE-2020-8259 Insufficiently Protected Credentials vulnerability in Nextcloud Server
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys.
network
low complexity
nextcloud CWE-522
8.1
2020-11-16 CVE-2020-8152 Insufficiently Protected Credentials vulnerability in Nextcloud Server
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on.
local
low complexity
nextcloud CWE-522
4.4