Nextcloud Server Security Vulnerabilities and Issues — Nextcloud Server CVE List

Lucene search

NextcloudNextcloud Server

7 matches found

CVE•added 2020/11/02 9:15 p.m.•126 views

CVE-2020-8183

A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call.

7.5CVSS7.5AI score0.00952EPSS

CVE•added 2020/11/16 1:15 a.m.•67 views

CVE-2020-8152

Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on.

4.4CVSS4.9AI score0.00114EPSS

CVE•added 2020/11/16 1:15 a.m.•59 views

CVE-2020-8259

Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys.

8.1CVSS7.9AI score0.00205EPSS

CVE•added 2020/11/09 3:15 p.m.•43 views

CVE-2020-8150

A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files.

4.1CVSS4.4AI score0.00036EPSS

CVE•added 2020/11/02 9:15 p.m.•42 views

CVE-2020-8173

A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended.

3.5CVSS4.5AI score0.00276EPSS

CVE•added 2020/11/02 9:15 p.m.•42 views

CVE-2020-8236

A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it.

6.8CVSS6.6AI score0.00234EPSS

CVE•added 2020/11/09 3:15 p.m.•40 views

CVE-2020-8133

A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file.

5.3CVSS5.1AI score0.00169EPSS