Vulnerabilities > Nextcloud > Nextcloud Server > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-02 | CVE-2020-8183 | Insufficiently Protected Credentials vulnerability in Nextcloud Server A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call. | 7.5 |
| 2020-05-12 | CVE-2020-8154 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Server An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint. | 7.7 |
| 2020-02-04 | CVE-2020-8121 | Exposure of Resource to Wrong Sphere vulnerability in Nextcloud Server A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer. | 8.1 |
| 2020-02-04 | CVE-2019-15613 | Insufficient Verification of Data Authenticity vulnerability in multiple products A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes. | 8.0 |
| 2018-10-30 | CVE-2018-16466 | Improper Check for Dropped Privileges vulnerability in Nextcloud Server Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by acess tokens. | 8.1 |
| 2018-08-12 | CVE-2018-3775 | Improper Authentication vulnerability in Nextcloud Server Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication. | 8.8 |
| 2018-07-05 | CVE-2018-3761 | Improper Authentication vulnerability in Nextcloud Server Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint. | 8.1 |
| 2017-03-28 | CVE-2016-9463 | Improper Authentication vulnerability in multiple products Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. | 8.1 |