Vulnerabilities > Nextcloud

DATE CVE VULNERABILITY TITLE RISK
2018-07-05 CVE-2018-3761 Improper Authentication vulnerability in Nextcloud Server
Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint.
network
low complexity
nextcloud CWE-287
8.1
2018-03-28 CVE-2017-0936 Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Server
Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability.
network
low complexity
nextcloud CWE-639
5.7
2017-05-08 CVE-2017-0895 Information Exposure vulnerability in Nextcloud Server
Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure of calendar and addressbook names to other logged-in users.
network
low complexity
nextcloud CWE-200
3.5
2017-05-08 CVE-2017-0894 Incorrect Authorization vulnerability in Nextcloud Server
Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid share tokens for public calendars due to a logical error.
network
low complexity
nextcloud CWE-863
4.3
2017-05-08 CVE-2017-0893 Cross-site Scripting vulnerability in Nextcloud Server
Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which suffered from a XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2.
network
low complexity
nextcloud CWE-79
5.4
2017-05-08 CVE-2017-0892 Session Fixation vulnerability in Nextcloud Server
Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file.
network
low complexity
nextcloud CWE-384
3.5
2017-05-08 CVE-2017-0891 Cross-site Scripting vulnerability in Nextcloud Server
Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components.
network
low complexity
nextcloud CWE-79
5.4
2017-05-08 CVE-2017-0890 Cross-site Scripting vulnerability in Nextcloud Server
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module.
network
low complexity
nextcloud CWE-79
5.4
2017-04-05 CVE-2017-0888 Improper Input Validation vulnerability in Nextcloud
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app.
network
low complexity
nextcloud CWE-20
4.3
2017-04-05 CVE-2017-0887 Improper Input Validation vulnerability in Nextcloud Server
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation.
network
low complexity
nextcloud CWE-20
4.3