Vulnerabilities > Nextcloud > Nextcloud > 3.4.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-04 | CVE-2019-15622 | SQL Injection vulnerability in Nextcloud Not strictly enough sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected tables when using custom queries. | 2.1 |
2020-02-04 | CVE-2019-15615 | Improper Authentication vulnerability in Nextcloud A wrong check for the system time in the Android App 3.9.0 causes a bypass of the lock protection when changing the time of the system to the past. | 3.6 |
2019-07-30 | CVE-2019-5452 | Unspecified vulnerability in Nextcloud Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved. | 2.1 |
2019-07-30 | CVE-2019-5450 | Cross-site Scripting vulnerability in Nextcloud Improper sanitization of HTML in directory names in the Nextcloud Android app prior to version 3.7.0 allowed to style the directory name in the header bar when using basic HTML. | 4.6 |
2017-04-05 | CVE-2017-0888 | Improper Input Validation vulnerability in Nextcloud Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. | 4.3 |
2017-03-28 | CVE-2016-9460 | Improper Access Control vulnerability in multiple products Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. | 5.0 |