Nextcloud: >> Nextcloud Server >> 17.0.6 Security Vulnerabilities
A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files.
CVSS Score
4.1
EPSS Score
0.0
Published
2020-11-09
A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended.
CVSS Score
2.2
EPSS Score
0.003
Published
2020-11-02
A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it was given on the initial create API call.
CVSS Score
7.5
EPSS Score
0.01
Published
2020-11-02
A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it.
CVSS Score
6.8
EPSS Score
0.002
Published
2020-11-02
An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF.
CVSS Score
5.4
EPSS Score
0.006
Published
2020-05-12
Page 6