Vulnerabilities > Nextcloud > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-05 CVE-2017-0885 Information Exposure vulnerability in Nextcloud Server
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share.
network
low complexity
nextcloud CWE-200
4.3
2017-04-05 CVE-2017-0884 Incorrect Permission Assignment for Critical Resource vulnerability in Nextcloud Server
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue.
network
low complexity
nextcloud CWE-732
4.3
2017-04-05 CVE-2017-0883 Incorrect Permission Assignment for Critical Resource vulnerability in Nextcloud Server
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue.
network
low complexity
nextcloud CWE-732
5.5
2017-03-28 CVE-2016-9468 Improper Access Control vulnerability in multiple products
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app.
network
low complexity
nextcloud owncloud CWE-284
5.0
2017-03-28 CVE-2016-9467 Improper Access Control vulnerability in multiple products
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app.
network
low complexity
nextcloud owncloud CWE-284
5.0
2017-03-28 CVE-2016-9466 Cross-site Scripting vulnerability in multiple products
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application.
4.3
2017-03-28 CVE-2016-9464 Improper Authorization vulnerability in Nextcloud Server
Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on removing shares.
network
low complexity
nextcloud CWE-285
4.0
2017-03-28 CVE-2016-9463 Improper Authentication vulnerability in multiple products
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass.
6.8
2017-03-28 CVE-2016-9462 Improper Access Control vulnerability in multiple products
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file.
network
low complexity
nextcloud owncloud CWE-284
4.0
2017-03-28 CVE-2016-9461 Improper Access Control vulnerability in multiple products
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions.
network
low complexity
nextcloud owncloud CWE-284
4.0