Vulnerabilities > Nextcloud

DATE CVE VULNERABILITY TITLE RISK
2020-02-04 CVE-2020-8120 Cross-site Scripting vulnerability in Nextcloud Server 16.0.1
A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation.
network
low complexity
nextcloud CWE-79
6.1
2020-02-04 CVE-2020-8119 Incorrect Authorization vulnerability in Nextcloud Server
Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app.
network
low complexity
nextcloud CWE-863
4.3
2020-02-04 CVE-2020-8118 Server-Side Request Forgery (SSRF) vulnerability in multiple products
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application.
network
low complexity
nextcloud novell opensuse CWE-918
5.0
2020-02-04 CVE-2020-8117 Improper Preservation of Permissions vulnerability in Nextcloud Server
Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event.
network
low complexity
nextcloud CWE-281
4.3
2020-02-04 CVE-2019-15624 Improper Input Validation vulnerability in multiple products
Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders.
network
low complexity
nextcloud opensuse suse CWE-20
4.9
2020-02-04 CVE-2019-15623 Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled.
network
low complexity
nextcloud suse opensuse
5.3
2020-02-04 CVE-2019-15622 SQL Injection vulnerability in Nextcloud
Not strictly enough sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected tables when using custom queries.
low complexity
nextcloud CWE-89
2.4
2020-02-04 CVE-2019-15621 Improper Preservation of Permissions vulnerability in Nextcloud Server
Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link.
network
low complexity
nextcloud CWE-281
6.5
2020-02-04 CVE-2019-15620 Unspecified vulnerability in Nextcloud Talk
Improper access control in Nextcloud Talk 6.0.3 leaks the existance and the name of private conversations when linked them to another shared item via the projects feature.
network
low complexity
nextcloud
2.7
2020-02-04 CVE-2019-15619 Cross-site Scripting vulnerability in Nextcloud Talk
Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project.
network
low complexity
nextcloud CWE-79
4.8