Vulnerabilities > Nextcloud > Nextcloud Server > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-28 | CVE-2017-0936 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Server Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. | 4.9 |
| 2017-05-08 | CVE-2017-0894 | Incorrect Authorization vulnerability in Nextcloud Server Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error. | 4.3 |
| 2017-05-08 | CVE-2017-0892 | Session Fixation vulnerability in Nextcloud Server Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file. | 4.3 |
| 2017-04-05 | CVE-2017-0888 | Improper Input Validation vulnerability in Nextcloud Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. | 4.3 |
| 2017-04-05 | CVE-2017-0887 | Improper Input Validation vulnerability in Nextcloud Server Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation. | 4.3 |
| 2017-04-05 | CVE-2017-0886 | Uncontrolled Recursion vulnerability in Nextcloud Server Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack. | 6.5 |
| 2017-04-05 | CVE-2017-0885 | Information Exposure vulnerability in Nextcloud Server Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share. | 4.3 |
| 2017-04-05 | CVE-2017-0884 | Incorrect Permission Assignment for Critical Resource vulnerability in Nextcloud Server Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. | 4.3 |
| 2017-04-05 | CVE-2017-0883 | Incorrect Permission Assignment for Critical Resource vulnerability in Nextcloud Server Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. | 5.5 |
| 2017-03-28 | CVE-2016-9468 | Improper Access Control vulnerability in multiple products Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. | 5.0 |