Vulnerabilities > Nextcloud

DATE CVE VULNERABILITY TITLE RISK
2017-03-28 CVE-2016-9464 Improper Authorization vulnerability in Nextcloud Server
Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on removing shares.
network
low complexity
nextcloud CWE-285
4.0
2017-03-28 CVE-2016-9463 Improper Authentication vulnerability in multiple products
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass.
6.8
2017-03-28 CVE-2016-9462 Improper Access Control vulnerability in multiple products
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file.
network
low complexity
nextcloud owncloud CWE-284
4.0
2017-03-28 CVE-2016-9461 Improper Access Control vulnerability in multiple products
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions.
network
low complexity
nextcloud owncloud CWE-284
4.0
2017-03-28 CVE-2016-9460 Improper Access Control vulnerability in multiple products
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app.
network
low complexity
nextcloud owncloud CWE-284
5.0
2017-03-28 CVE-2016-9459 Cross-site Scripting vulnerability in multiple products
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS.
4.3
2016-09-17 CVE-2016-7419 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name.
3.5