Nextcloud Server@16.0.0 Security Vulnerabilities and Issues — Nextcloud Server@16.0.0 CVE List

Lucene search

NextcloudNextcloud Server16.0.0

7 matches found

CVE•added 2020/02/04 8:15 p.m.•157 views

CVE-2019-15623

Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled.

5.3CVSS5.8AI score0.00322EPSS

CVE•added 2020/02/04 8:15 p.m.•143 views

CVE-2019-15621

Improper permissions preservation in Nextcloud Server 16.0.1 causes sharees to be able to reshare with write permissions when sharing the mount point of a share they received, as a public link.

6.5CVSS6.6AI score0.00121EPSS

CVE•added 2020/02/04 8:15 p.m.•138 views

CVE-2019-15613

A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes.

8CVSS7.6AI score0.00264EPSS

CVE•added 2020/02/04 8:15 p.m.•137 views

CVE-2020-8118

An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application.

5CVSS5.7AI score0.01317EPSS

CVE•added 2020/02/04 8:15 p.m.•136 views

CVE-2020-8119

Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app.

4.3CVSS5.4AI score0.00517EPSS

CVE•added 2020/03/20 9:15 p.m.•124 views

CVE-2020-8139

A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and

6.5CVSS6.4AI score0.00317EPSS

CVE•added 2020/03/20 9:15 p.m.•119 views

CVE-2020-8138

A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and

6.5CVSS6.2AI score0.00222EPSS