Vulnerabilities
A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files.
CVSS Score: 4.1; EPSS Score: 0.0; Published: 2020-11-09
Nextcloud Server 18.0.4 used too small a set of random characters for encryption, which allowed decryption in a shorter time than intended.
CVSS Score: 2.2; EPSS Score: 0.003; Published: 2020-11-02
A logic error in Nextcloud Server 19.0.0 caused the share password to be stored in plaintext when it was given on the initial create API call.
CVSS Score: 7.5; EPSS Score: 0.01; Published: 2020-11-02
A wrong configuration in Nextcloud Server 19.0.1 gave users the false impression that passwordless WebAuthn is also a two-factor verification: it asked for the PIN of the passwordless WebAuthn but did not verify it.
CVSS Score: 6.8; EPSS Score: 0.002; Published: 2020-11-02
An insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users by sending a malicious request directly to the endpoint.
CVSS Score: 7.7; EPSS Score: 0.01; Published: 2020-05-12
An outdated third-party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a cross-site scripting vulnerability when opening a malicious PDF.
CVSS Score: 5.4; EPSS Score: 0.006; Published: 2020-05-12
A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 allowed a Server-Side Request Forgery (SSRF) vulnerability when subscribing to a malicious calendar URL.
CVSS Score: 6.5; EPSS Score: 0.002; Published: 2020-03-20
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed detection of local and remote services when adding a new subscription in the calendar application.
CVSS Score: 5.0; EPSS Score: 0.013; Published: 2020-02-04
Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app.
CVSS Score: 4.3; EPSS Score: 0.005; Published: 2020-02-04
Dangling remote share attempts in Nextcloud 16 allow DNS pollution when running long.
CVSS Score: 4.3; EPSS Score: 0.003; Published: 2020-02-04