Vulnerabilities > Nextcloud
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-04 | CVE-2019-15614 | Cross-site Scripting vulnerability in Nextcloud Missing sanitization in the iOS App 2.24.4 causes an XSS when opening malicious HTML files. | 3.5 |
| 2020-02-04 | CVE-2019-15613 | Insufficient Verification of Data Authenticity vulnerability in multiple products A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes. | 8.0 |
| 2020-02-04 | CVE-2019-15612 | Session Fixation vulnerability in Nextcloud Server A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the password of the user is reset. | 3.2 |
| 2020-02-04 | CVE-2019-15611 | Unspecified vulnerability in Nextcloud Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. | 4.0 |
| 2020-02-04 | CVE-2019-15610 | Incorrect Authorization vulnerability in Nextcloud Circles Improper authorization in the Circles app 0.17.7 causes retaining access when an email address was removed from a circle. | 4.0 |
| 2019-08-07 | CVE-2019-5476 | SQL Injection vulnerability in Nextcloud Lookup-Server 0.2.0 An SQL Injection in the Nextcloud Lookup-Server < v0.3.0 (running on https://lookup.nextcloud.com) caused unauthenticated users to be able to execute arbitrary SQL commands. | 9.8 |
| 2019-07-30 | CVE-2019-5455 | Improper Authentication vulnerability in Nextcloud 3.6.0 Bypassing lock protection exists in Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process. | 6.8 |
| 2019-07-30 | CVE-2019-5454 | SQL Injection vulnerability in Nextcloud SQL Injection in the Nextcloud Android app prior to version 3.0.0 allows to destroy a local cache when a harmful query is executed requiring to resetup the account. | 9.8 |
| 2019-07-30 | CVE-2019-5453 | Improper Authentication vulnerability in Nextcloud Bypass lock protection in the Nextcloud Android app prior to version 3.3.0 allowed access to files when being prompted for the lock protection and switching to the Nextcloud file provider. | 3.6 |
| 2019-07-30 | CVE-2019-5452 | Unspecified vulnerability in Nextcloud Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved. | 2.1 |