Vulnerabilities > Nextcloud
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-04 | CVE-2019-15616 | Injection vulnerability in Nextcloud Server Dangling remote share attempts in Nextcloud 16 allow a DNS pollution when running long. | 4.3 |
| 2020-02-04 | CVE-2019-15615 | Improper Authentication vulnerability in Nextcloud A wrong check for the system time in the Android App 3.9.0 causes a bypass of the lock protection when changing the time of the system to the past. | 6.1 |
| 2020-02-04 | CVE-2019-15614 | Cross-site Scripting vulnerability in Nextcloud Missing sanitization in the iOS App 2.24.4 causes an XSS when opening malicious HTML files. | 5.4 |
| 2020-02-04 | CVE-2019-15613 | Insufficient Verification of Data Authenticity vulnerability in multiple products A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes. | 8.0 |
| 2020-02-04 | CVE-2019-15612 | Session Fixation vulnerability in Nextcloud Server A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the password of the user is reset. | 5.9 |
| 2020-02-04 | CVE-2019-15611 | Unspecified vulnerability in Nextcloud Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. | 4.9 |
| 2020-02-04 | CVE-2019-15610 | Unspecified vulnerability in Nextcloud Circles Improper authorization in the Circles app 0.17.7 causes retaining access when an email address was removed from a circle. | 4.3 |
| 2019-08-07 | CVE-2019-5476 | SQL Injection vulnerability in Nextcloud Lookup-Server 0.2.0 An SQL Injection in the Nextcloud Lookup-Server < v0.3.0 (running on https://lookup.nextcloud.com) caused unauthenticated users to be able to execute arbitrary SQL commands. | 9.8 |
| 2019-07-30 | CVE-2019-5455 | Improper Authentication vulnerability in Nextcloud 3.6.0 Bypassing lock protection exists in Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process. | 6.8 |
| 2019-07-30 | CVE-2019-5454 | SQL Injection vulnerability in Nextcloud SQL Injection in the Nextcloud Android app prior to version 3.0.0 allows to destroy a local cache when a harmful query is executed requiring to resetup the account. | 9.8 |