Vulnerabilities > Nextcloud > Nextcloud Server

DATE CVE VULNERABILITY TITLE RISK
2020-02-04 CVE-2020-8121 Exposure of Resource to Wrong Sphere vulnerability in Nextcloud Server
A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer.
network
low complexity
nextcloud CWE-668
8.1
2020-02-04 CVE-2020-8120 Cross-site Scripting vulnerability in Nextcloud Server 16.0.1
A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation.
network
low complexity
nextcloud CWE-79
6.1
2020-02-04 CVE-2020-8119 Incorrect Authorization vulnerability in Nextcloud Server
Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app.
network
low complexity
nextcloud CWE-863
4.3
2020-02-04 CVE-2020-8118 Server-Side Request Forgery (SSRF) vulnerability in multiple products
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application.
network
low complexity
nextcloud novell opensuse CWE-918
5.0
2020-02-04 CVE-2020-8117 Improper Preservation of Permissions vulnerability in Nextcloud Server
Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event.
network
low complexity
nextcloud CWE-281
4.3
2020-02-04 CVE-2019-15624 Improper Input Validation vulnerability in multiple products
Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders.
network
low complexity
nextcloud opensuse suse CWE-20
4.9
2020-02-04 CVE-2019-15623 Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled.
network
low complexity
nextcloud suse opensuse
5.3
2020-02-04 CVE-2019-15621 Improper Preservation of Permissions vulnerability in Nextcloud Server
Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link.
network
low complexity
nextcloud CWE-281
6.5
2020-02-04 CVE-2019-15619 Cross-site Scripting vulnerability in Nextcloud Talk
Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project.
network
low complexity
nextcloud CWE-79
4.8
2020-02-04 CVE-2019-15618 Cross-site Scripting vulnerability in Nextcloud Server
Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a reflected XSS when starting the updater from a malicious location.
network
low complexity
nextcloud CWE-79
4.8