Vulnerabilities > Nextcloud > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-09 | CVE-2020-8133 | Improper Verification of Cryptographic Signature vulnerability in Nextcloud Server 19.0.1 A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file. | 5.3 |
| 2020-11-02 | CVE-2020-8236 | Improper Authentication vulnerability in Nextcloud Server A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it. | 6.8 |
| 2020-10-05 | CVE-2020-8235 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Deck 1.0.4 Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments. | 4.3 |
| 2020-10-05 | CVE-2020-8228 | Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times. | 5.3 |
| 2020-10-05 | CVE-2020-8223 | Improper Privilege Management vulnerability in multiple products A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves. | 6.5 |
| 2020-08-21 | CVE-2020-8227 | Path Traversal vulnerability in Nextcloud Desktop Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory. | 6.8 |
| 2020-08-21 | CVE-2020-8189 | Cross-site Scripting vulnerability in Nextcloud Desktop A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt. | 5.4 |
| 2020-08-17 | CVE-2020-8230 | Out-of-bounds Write vulnerability in Nextcloud Desktop A memory corruption vulnerability exists in NextCloud Desktop Client v2.6.4 where missing ASLR and DEP protections in for windows allowed to corrupt memory. | 5.5 |
| 2020-08-10 | CVE-2020-8229 | Memory Leak vulnerability in Nextcloud Desktop A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system. | 5.5 |
| 2020-07-30 | CVE-2020-8202 | Improper Restriction of Excessive Authentication Attempts vulnerability in Nextcloud Preferred Providers 1.6.0 Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 allowed to perform a denial of service attack when using a very long password. | 5.3 |