Vulnerabilities > Nextcloud

DATE CVE VULNERABILITY TITLE RISK
2017-04-05 CVE-2017-0884 Incorrect Permission Assignment for Critical Resource vulnerability in Nextcloud Server
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue.
network
low complexity
nextcloud CWE-732
4.3
2017-04-05 CVE-2017-0883 Incorrect Permission Assignment for Critical Resource vulnerability in Nextcloud Server
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue.
network
low complexity
nextcloud CWE-732
6.4
2017-03-28 CVE-2016-9468 Improper Access Control vulnerability in multiple products
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app.
network
low complexity
owncloud nextcloud CWE-284
5.3
2017-03-28 CVE-2016-9467 Improper Access Control vulnerability in multiple products
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app.
network
low complexity
owncloud nextcloud CWE-284
5.3
2017-03-28 CVE-2016-9466 Cross-site Scripting vulnerability in multiple products
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application.
network
low complexity
owncloud nextcloud CWE-79
6.1
2017-03-28 CVE-2016-9465 Cross-site Scripting vulnerability in multiple products
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export.
network
low complexity
owncloud nextcloud CWE-79
5.4
2017-03-28 CVE-2016-9464 Improper Authorization vulnerability in Nextcloud Server
Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on removing shares.
network
low complexity
nextcloud CWE-285
4.3
2017-03-28 CVE-2016-9463 Improper Authentication vulnerability in multiple products
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass.
network
high complexity
owncloud nextcloud CWE-287
8.1
2017-03-28 CVE-2016-9462 Improper Access Control vulnerability in multiple products
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file.
network
low complexity
owncloud nextcloud CWE-284
4.3
2017-03-28 CVE-2016-9461 Improper Access Control vulnerability in multiple products
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions.
network
low complexity
owncloud nextcloud CWE-284
4.3