Vulnerabilities > Nextcloud
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-19 | CVE-2020-8279 | Improper Certificate Validation vulnerability in Nextcloud Social Missing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0 allowed a man-in-the-middle attack. | 7.4 |
| 2020-11-19 | CVE-2020-8278 | Incorrect Authorization vulnerability in Nextcloud Social 0.3.1 Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user. | 5.3 |
| 2020-11-16 | CVE-2020-8259 | Insufficiently Protected Credentials vulnerability in Nextcloud Server Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys. | 8.1 |
| 2020-11-16 | CVE-2020-8152 | Insufficiently Protected Credentials vulnerability in Nextcloud Server Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on. | 4.4 |
| 2020-11-09 | CVE-2020-8150 | Missing Encryption of Sensitive Data vulnerability in Nextcloud Server A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files. | 4.1 |
| 2020-11-09 | CVE-2020-8133 | Improper Verification of Cryptographic Signature vulnerability in Nextcloud Server 19.0.1 A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file. | 5.3 |
| 2020-11-02 | CVE-2020-8236 | Improper Authentication vulnerability in Nextcloud Server A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it. | 6.8 |
| 2020-11-02 | CVE-2020-8183 | Insufficiently Protected Credentials vulnerability in Nextcloud Server A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call. | 7.5 |
| 2020-11-02 | CVE-2020-8173 | Missing Encryption of Sensitive Data vulnerability in Nextcloud Server A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended. | 2.2 |
| 2020-10-05 | CVE-2020-8235 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Deck 1.0.4 Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments. | 4.3 |