CVE-2022-24886

Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any application with notification permission can access contacts if Nextcloud has access to Contacts without applying for the Contacts permission itself. Version 3.19.0...

CVE-2022-39210

Nextcloud android is the official Android client for the Nextcloud home server platform. Internal paths to the Nextcloud Android app files are not properly protected. As a result access to internal files of the from within the Nextcloud Android app is possible. This may lead to a leak of sensitiv...

CVE-2022-29160

Nextcloud Android is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.0, sensitive tokens, images, and user related details exist after deletion of a user account. This could result in misuse of the former account holder's information. Nextcloud Android...

CVE-2021-43863

The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. The Nextcloud Android app uses content providers to manage its data. Prior to version 3.18.1, the providers FileContentProvider and DiskLruImageCacheFileProvider have security issues an SQL...

CVE-2021-32658

Nextcloud Android is the Android client for the Nextcloud open source home cloud system. Due to a timeout issue the Android client may not properly clean all sensitive data on account removal. This could include sensitive key material such as the End-to-End encryption keys. It is recommended that...

CVE-2021-32695

Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.16.1, a malicious app on the same device could have gotten access to the shared preferences of the Nextcloud Android application. This required user-interaction as a victim had to initiate the sharing flow and choos...

CVE-2021-22905

Nextcloud Android App com.nextcloud.client before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user...

CVE-2021-32694

Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.15.1, a malicious application on the same device is possible to crash the Nextcloud Android Client due to an uncaught exception. The vulnerability is patched in version 3.15.1...

CVE-2021-32727

Nextcloud Android Client is the Android client for Nextcloud. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.16.1, the Nextcloud Android client skipped a step that involved the client checking if a private...

CVE-2019-5451

Bypass lock protection in the Nextcloud Android app prior to version 3.6.1 allows accessing the files when repeatedly opening and closing the app in a very short time...

CVE-2019-5452

Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved...

CVE-2019-5450

Improper sanitization of HTML in directory names in the Nextcloud Android app prior to version 3.7.0 allowed to style the directory name in the header bar when using basic HTML...

CVE-2019-15622

Not strictly enough sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected tables when using custom queries...

CVE-2023-28999

CVE-2023-28999 affects Nextcloud clients: Desktop 3.0.0–3.8.0, Android 3.13.0–3.25.0, iOS 3.0.5–4.8.0. Description in OSV/NVD indicates a malicious server administrator can gain full access to an end-to-end encrypted folder, decrypt files, recover folder structure, and add new files, due to a lac...

PT-2023-22075 · Nextcloud +2 · Nextcloud Android App +4

Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop client versions 3.0.0 through 3.8.0 Nextcloud Android app versions 3.13.0 through 3.25.0 Nextcloud iOS app versions 3.0.5 through 4.8.0 Description: A malicious server administrator can gain full access to an end-to-end...

SUSE CVE-2023-28646

Nextcloud android is an android app for interfacing with the nextcloud home server ecosystem. In versions from 3.7.0 and before 3.24.1 an attacker that has access to the unlocked physical device can bypass the Nextcloud Android Pin/passcode protection via a thirdparty app. This allows to see meta...

Design/Logic Flaw

Nextcloud android is an android app for interfacing with the nextcloud home server ecosystem. In versions from 3.7.0 and before 3.24.1 an attacker that has access to the unlocked physical device can bypass the Nextcloud Android Pin/passcode protection via a thirdparty app. This allows to see meta...

CVE-2023-28646 App lockout in nextcloud Android app can be bypassed via thirdparty apps

Nextcloud android is an android app for interfacing with the nextcloud home server ecosystem. In versions from 3.7.0 and before 3.24.1 an attacker that has access to the unlocked physical device can bypass the Nextcloud Android Pin/passcode protection via a thirdparty app. This allows to see meta...

Nextcloud Android app 安全漏洞

The Nextcloud Android app is an Android-based mobile application for accessing Nextcloud servers from Nextcloud Germany. A security vulnerability exists in Nextcloud android version 3.7.0 up to and including version 3.24.1, which stems from the ability to bypass Nextcloud Android Pin/passcode...

PT-2023-21871 · Nextcloud · Nextcloud Android App

Name of the Vulnerable Software and Affected Versions: Nextcloud Android versions 3.7.0 through 3.24.0 Description: The Nextcloud Android app has a security issue that allows an attacker with access to an unlocked physical device to bypass the Pin/passcode protection using a third-party app. This...