| Max CVSS | 7.2 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2020-8139 | 4.0 |
A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL.
|
04-06-2022 - 03:36 | 20-03-2020 - 21:15 | |
| CVE-2020-8153 | 5.5 |
Improper access control in Groupfolders app 4.0.3 allowed to delete hidden directories when when renaming an accessible item to the same name.
|
24-05-2022 - 18:25 | 12-05-2020 - 13:15 | |
| CVE-2020-8156 | 6.8 |
A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack.
|
24-05-2022 - 18:25 | 12-05-2020 - 13:15 | |
| CVE-2020-0081 | 7.2 |
In finalize of AssetManager.java, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Andr
|
03-05-2022 - 14:21 | 17-04-2020 - 19:15 | |
| CVE-2020-8223 | 3.5 |
A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves.
|
01-01-2022 - 18:16 | 05-10-2020 - 14:15 | |
| CVE-2020-8154 | 6.8 |
An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint.
|
19-10-2020 - 19:15 | 12-05-2020 - 13:15 | |
| CVE-2020-8155 | 3.5 |
An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF.
|
19-10-2020 - 19:15 | 12-05-2020 - 13:15 |