Vulnerabilities > Nextcloud > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-04-05 CVE-2017-0888 Improper Input Validation vulnerability in Nextcloud
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app.
network
low complexity
nextcloud CWE-20
4.3
4.3
2017-04-05 CVE-2017-0887 Improper Input Validation vulnerability in Nextcloud Server
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the quota limitation.
network
low complexity
nextcloud CWE-20
4.3
4.3
2017-04-05 CVE-2017-0886 Uncontrolled Recursion vulnerability in Nextcloud Server
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack.
network
low complexity
nextcloud CWE-674
6.5
6.5
2017-04-05 CVE-2017-0885 Information Exposure vulnerability in Nextcloud Server
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message disclosing existence of file in write-only share.
network
low complexity
nextcloud CWE-200
4.3
4.3
2017-04-05 CVE-2017-0884 Incorrect Permission Assignment for Critical Resource vulnerability in Nextcloud Server
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue.
network
low complexity
nextcloud CWE-732
4.3
4.3
2017-04-05 CVE-2017-0883 Incorrect Permission Assignment for Critical Resource vulnerability in Nextcloud Server
Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue.
network
low complexity
nextcloud CWE-732
6.4
6.4
2017-03-28 CVE-2016-9468 Improper Access Control vulnerability in multiple products
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app.
network
low complexity
owncloud nextcloud CWE-284
5.3
5.3
2017-03-28 CVE-2016-9467 Improper Access Control vulnerability in multiple products
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app.
network
low complexity
owncloud nextcloud CWE-284
5.3
5.3
2017-03-28 CVE-2016-9466 Cross-site Scripting vulnerability in multiple products
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application.
network
low complexity
owncloud nextcloud CWE-79
6.1
6.1
2017-03-28 CVE-2016-9465 Cross-site Scripting vulnerability in multiple products
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export.
network
low complexity
owncloud nextcloud CWE-79
5.4
5.4