Vulnerabilities > Nextcloud > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-12 | CVE-2021-32679 | Nextcloud Server is a Nextcloud package that handles data storage. | 8.8 |
| 2021-06-01 | CVE-2021-32656 | Unspecified vulnerability in Nextcloud Server Nextcloud Server is a Nextcloud package that handles data storage. | 8.6 |
| 2021-04-14 | CVE-2021-22879 | Injection vulnerability in multiple products Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. | 8.8 |
| 2021-01-26 | CVE-2020-8295 | Resource Exhaustion vulnerability in Nextcloud Server A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a user. | 7.5 |
| 2020-11-19 | CVE-2020-8279 | Improper Certificate Validation vulnerability in Nextcloud Social Missing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0 allowed a man-in-the-middle attack. | 7.4 |
| 2020-11-16 | CVE-2020-8259 | Insufficiently Protected Credentials vulnerability in Nextcloud Server Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys. | 8.1 |
| 2020-11-02 | CVE-2020-8183 | Insufficiently Protected Credentials vulnerability in Nextcloud Server A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call. | 7.5 |
| 2020-10-05 | CVE-2020-8182 | Improper Preservation of Permissions vulnerability in Nextcloud Deck 0.8.0 Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves. | 8.0 |
| 2020-09-18 | CVE-2020-8225 | Cleartext Storage of Sensitive Information vulnerability in Nextcloud Desktop A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials. | 7.5 |
| 2020-08-10 | CVE-2020-8224 | Code Injection vulnerability in Nextcloud Desktop A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory. | 7.8 |