Vulnerabilities > Nextcloud > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-12 | CVE-2020-8153 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Improper access control in Groupfolders app 4.0.3 allowed to delete hidden directories when when renaming an accessible item to the same name. | 8.1 |
| 2020-02-04 | CVE-2020-8121 | Exposure of Resource to Wrong Sphere vulnerability in Nextcloud Server A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer. | 8.1 |
| 2020-02-04 | CVE-2019-15613 | Insufficient Verification of Data Authenticity vulnerability in multiple products A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes. | 8.0 |
| 2019-06-05 | CVE-2019-12739 | OS Command Injection vulnerability in Nextcloud Extract lib/Controller/ExtractionController.php in the Extract add-on before 1.2.0 for Nextcloud allows Remote Code Execution via shell metacharacters in a RAR filename via ajax/extractRar.php (nameOfFile and directory parameters). | 8.8 |
| 2018-10-30 | CVE-2018-16466 | Improper Check for Dropped Privileges vulnerability in Nextcloud Server Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by acess tokens. | 8.1 |
| 2018-08-12 | CVE-2018-3775 | Improper Authentication vulnerability in Nextcloud Server Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication. | 8.8 |
| 2018-07-05 | CVE-2018-3761 | Improper Authentication vulnerability in Nextcloud Server Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint. | 8.1 |
| 2017-03-28 | CVE-2016-9463 | Improper Authentication vulnerability in multiple products Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. | 8.1 |