CVE-2022-24886 Exposure of Sensitive Information to an Unauthorized Actor in com.nextcloud.client

Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any application with notification permission can access contacts if Nextcloud has access to Contacts without applying for the Contacts permission itself. Version 3.19.0...

CVE-2022-24885 Improper Authentication in Nextcloud Android Files

Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.1, users can bypass a lock on the Nextcloud app on an Android device by repeatedly reopening the app. Version 3.19.1 contains a fix for the problem. There are currently no known...

CVE-2022-24885 Improper Authentication in Nextcloud Android Files

Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.1, users can bypass a lock on the Nextcloud app on an Android device by repeatedly reopening the app. Version 3.19.1 contains a fix for the problem. There are currently no known...

CVE-2022-24885 Improper Authentication in Nextcloud Android Files

Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.1, users can bypass a lock on the Nextcloud app on an Android device by repeatedly reopening the app. Version 3.19.1 contains a fix for the problem. There are currently no known...

CVE-2022-24885

Summary: CVE-2022-24885 affects the Nextcloud Android app prior to version 3.19.1. The vulnerability lets an attacker bypass the app’s lock by repeatedly reopening the app on an Android device, potentially enabling access when the device is unlocked or unattended. Affected software: Nextcloud And...

When sharing a Deck card in conversation the metaData can be manipulated to open arbitrary URL

None...

Force an admin to install recommended applications

None...

Control character filtering misses leading and trailing whitespace in file and folder names

None...

Notification implicit PendingIntent in com.nextcloud.client allows to access contacts

None...

Can bypass the lock protection in Android Files app

None...

Nextcloud Android app 授权问题漏洞

Nextcloud Android app is an Android-based mobile application from Nextcloud Germany for accessing Nextcloud servers. nextcloud Android app versions prior to 3.19.1 contain an access control error vulnerability that stems from improper access control, which is exploited by An authenticated attacke...

PT-2022-16956 · Nextcloud · Nextcloud Android App

Name of the Vulnerable Software and Affected Versions: Nextcloud Android app versions prior to 3.19.0 Description: The issue allows any application with notification permission to access contacts if Nextcloud has access to Contacts, without the application needing to apply for the Contacts...

Nextcloud 数据伪造问题漏洞

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. A data forgery issue vulnerability exists in Nextcloud Server versions prior to 21.0.8, 22.2.4, and 23.0.1. An attacker exploiting this vulnerability could...

Nextcloud输入验证错误漏洞

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An input validation error vulnerability exists in Nextcloud Talk versions prior to 11.3.4, 12.2.2, and 13.0.0, which stems from an application that can...

Nextcloud 安全漏洞

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. A security vulnerability exists in versions prior to Nextcloud Server 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, which stems from an application that allows for...

PT-2022-16958 · Nextcloud +1 · Nextcloud Server +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1 Description: The issue allows creating files and folders with leading and trailing , r, t, and v characters. The server rejects these characters when they appear in the...

PT-2022-16959 · Nextcloud +1 · Nextcloud Server +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 21.0.8 Nextcloud Server versions prior to 22.2.4 Nextcloud Server versions prior to 23.0.1 Description: The issue allows attackers to trick administrators into enabling unnecessary "recommended" apps for the...

Nextcloud Android app 信息泄露漏洞

Nextcloud Android app is an Android-based mobile application for accessing Nextcloud servers from the German company Nextcloud. nextcloud Android app versions prior to 3.19.0 are vulnerable to an information disclosure vulnerability that stems from insufficient privilege restrictions. An attacker...

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Server

None...

FreeBSD : Nextcloud Calendar -- SMTP Command Injection (2a314635-be46-11ec-a06f-d4c9ef517024)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2a314635-be46-11ec-a06f-d4c9ef517024 advisory. - Nextcloud Calendar is a calendar application for the nextcloud framework. SMTP Command Injection in...