VYPR

Nextcloud Enterprise Server

by Nextcloud

CVEs (133)

  • CVE-2019-15621 | Med | Feb 4, 2020
    risk 0.42 | cvss 6.5 | epss 0.01

    Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link.

  • CVE-2017-0886 | Med | Apr 5, 2017
    risk 0.42 | cvss 6.5 | epss 0.01

    Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Service attack. Due to an error in the application logic an authenticated adversary may trigger an endless recursion in the application leading to a potential Denial of Service.

  • CVE-2017-0883 | Med | Apr 5, 2017
    risk 0.42 | cvss 6.4 | epss 0.01

    Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission increase on re-sharing via OCS API issue. A permission related issue within the OCS sharing API allowed an authenticated adversary to reshare shared files with an increasing permission set. This may allow an…

  • CVE-2020-8120 | Med | Feb 4, 2020
    risk 0.40 | cvss 6.1 | epss 0.01

    A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation.

  • CVE-2019-15612 | Med | Feb 4, 2020
    risk 0.38 | cvss 5.9 | epss 0.00

    A bug in Nextcloud Server 15.0.2 causes pending 2FA logins to not be correctly expired when the password of the user is reset.

  • CVE-2026-45810 | Med | Jun 1, 2026
    risk 0.37 | cvss 6.8 | epss 0.00

    Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check of a relation allowed authenticated users with access to any file comment, to read the content of all comments. It…

  • CVE-2018-16464 | Med | Oct 30, 2018
    risk 0.37 | cvss 5.7 | epss 0.01

    A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password.

  • CVE-2017-0936 | Med | Mar 28, 2018
    risk 0.37 | cvss 5.7 | epss 0.01

    Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves were neither…

  • CVE-2026-45282 | Med | Jun 1, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, an authenticated attacker can access attachments of link shares when knowing the share token, circumventing password protection or…

  • CVE-2020-8294 | Med | Feb 3, 2021
    risk 0.35 | cvss 5.4 | epss 0.01

    A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Internet Explorer when saving a 'javascript:' URL in markdown format.

  • CVE-2020-8133 | Med | Nov 9, 2020
    risk 0.35 | cvss 5.3 | epss 0.01

    A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file.

  • CVE-2020-8155 | Med | May 12, 2020
    risk 0.35 | cvss 5.4 | epss 0.01

    An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF.

  • CVE-2019-15623 | Med | Feb 4, 2020
    risk 0.35 | cvss 5.3 | epss 0.02

    Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send its domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled.

  • CVE-2019-15617 | Med | Feb 4, 2020
    risk 0.35 | cvss 5.4 | epss 0.01

    A missing check in Nextcloud Server 17.0.0 allowed an attacker to set up a new second factor when trying to login.

  • CVE-2018-16467 | Med | Oct 30, 2018
    risk 0.35 | cvss 5.3 | epss 0.01

    A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares.

  • CVE-2018-16465 | Med | Oct 30, 2018
    risk 0.35 | cvss 5.3 | epss 0.01

    Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the provider of the second factor failed to load.

  • CVE-2018-3780 | Med | Aug 13, 2018
    risk 0.35 | cvss 5.4 | epss 0.01

    A missing sanitization of search results for an autocomplete field in Nextcloud Server <13.0.5 could lead to a stored XSS requiring user interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users.

  • CVE-2018-3776 | Med | Aug 12, 2018
    risk 0.35 | cvss 5.3 | epss 0.01

    Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit log.

  • CVE-2017-0893 | Med | May 8, 2017
    risk 0.35 | cvss 5.4 | epss 0.01

    Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which suffered from an XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2. Note that Nextcloud employs a strict…

  • CVE-2017-0891 | Med | May 8, 2017
    risk 0.35 | cvss 5.4 | epss 0.01

    Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components.
