Vulnerabilities > Nextcloud

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2020-10-05 | CVE-2020-8223 | Improper Privilege Management vulnerability in multiple products | A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they were assigned themselves. | network | low | nextcloud, fedoraproject | CWE-269 | 6.5 |
| 2020-09-18 | CVE-2020-8225 | Cleartext Storage of Sensitive Information vulnerability in Nextcloud Desktop | Cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about the proxies in use and their authentication credentials. | network | low | nextcloud | CWE-312 | 7.5 |
| 2020-08-21 | CVE-2020-8227 | Path Traversal vulnerability in Nextcloud Desktop | Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory. | network | low | nextcloud | CWE-22 | 6.8 |
| 2020-08-21 | CVE-2020-8189 | Cross-site Scripting vulnerability in Nextcloud Desktop | A cross-site scripting error in Nextcloud Desktop Client 2.6.4 allowed any HTML (including local links) to be presented when responding with invalid data on the login attempt. | network | low | nextcloud | CWE-79 | 5.4 |
| 2020-08-17 | CVE-2020-8230 | Out-of-bounds Write vulnerability in Nextcloud Desktop | A memory corruption vulnerability exists in Nextcloud Desktop Client v2.6.4 for Windows, where missing ASLR and DEP protections allowed memory to be corrupted. | local | low | nextcloud | CWE-787 | 5.5 |
| 2020-08-10 | CVE-2020-8229 | Memory Leak vulnerability in Nextcloud Desktop | A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system. | local | low | nextcloud | CWE-401 | 5.5 |
| 2020-08-10 | CVE-2020-8224 | Code Injection vulnerability in Nextcloud Desktop | A code injection in Nextcloud Desktop Client 2.6.4 allowed arbitrary code to be loaded when a malicious OpenSSL config was placed in a fixed directory. | local | low | nextcloud | CWE-94 | 7.8 |
| 2020-07-30 | CVE-2020-8202 | Improper Restriction of Excessive Authentication Attempts vulnerability in Nextcloud Preferred Providers 1.6.0 | Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 allowed a denial-of-service attack to be performed using a very long password. | network | low | nextcloud | CWE-307 | 5.3 |
| 2020-07-10 | CVE-2020-8181 | Unrestricted Upload of File with Dangerous Type vulnerability in Nextcloud Contacts | A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as an avatar. | network | low | nextcloud | CWE-434 | 4.3 |
| 2020-07-02 | CVE-2020-8179 | Improper Privilege Management vulnerability in Nextcloud Deck | Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users' decks. | network | low | nextcloud | CWE-269 | 4.1 |