Server@14.0.0 Security Vulnerabilities and Issues — Server@14.0.0 CVE List

Lucene search

NextcloudServer14.0.0

5 matches found

CVE•added 2018/10/30 9:29 p.m.•48 views

CVE-2018-16467

A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares.

5.3CVSS5.2AI score0.00243EPSS

CVE•added 2018/10/30 9:29 p.m.•43 views

CVE-2018-16463

A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares.

3.6CVSS3.9AI score0.00132EPSS

CVE•added 2018/10/30 9:29 p.m.•43 views

CVE-2018-16466

Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by acess tokens.

8.1CVSS7.9AI score0.00126EPSS

CVE•added 2018/10/30 9:29 p.m.•41 views

CVE-2018-16465

Missing state in Nextcloud Server prior to 14.0.0 would not enforce the use of a second factor at login if the the provider of the second factor failed to load.

5.3CVSS5.1AI score0.00149EPSS

CVE•added 2018/10/30 9:29 p.m.•35 views

CVE-2018-16464

A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password.

5.7CVSS5.5AI score0.00222EPSS