Vulnerabilities > Nextcloud > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-10 | CVE-2020-8229 | Memory Leak vulnerability in Nextcloud Desktop A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system. | 4.9 |
| 2020-07-30 | CVE-2020-8202 | Improper Restriction of Excessive Authentication Attempts vulnerability in Nextcloud Preferred Providers 1.6.0 Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 allowed to perform a denial of service attack when using a very long password. | 5.0 |
| 2020-07-10 | CVE-2020-8181 | Unrestricted Upload of File with Dangerous Type vulnerability in Nextcloud Contacts A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars. | 4.3 |
| 2020-07-02 | CVE-2020-8179 | Improper Privilege Management vulnerability in Nextcloud Deck Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users decks. | 4.0 |
| 2020-06-08 | CVE-2020-8180 | Code Injection vulnerability in Nextcloud Talk A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a code injection when a not correctly sanitized talk command was added by an administrator. | 6.5 |
| 2020-05-12 | CVE-2020-8155 | Cross-site Scripting vulnerability in Nextcloud Server An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF. | 5.4 |
| 2020-03-20 | CVE-2020-8140 | Code Injection vulnerability in Nextcloud Desktop A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment. | 6.7 |
| 2020-03-20 | CVE-2020-8139 | Missing Authorization vulnerability in multiple products A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL. | 6.5 |
| 2020-03-20 | CVE-2020-8138 | Server-Side Request Forgery (SSRF) vulnerability in Nextcloud Server A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL. | 4.0 |
| 2020-02-04 | CVE-2020-8122 | Improper Input Validation vulnerability in Nextcloud Server A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of a share they received. | 4.0 |