CVE-2021-41181 Nextcloud Talk app exposes chat messages on lockscreen

Nextcloud talk is a self hosting messaging service. In versions prior to 12.3.0 the Nextcloud Android Talk application did not properly detect the lockscreen state when a call was incoming. If an attacker got physical access to the locked phone, and the victim received a phone call the attacker...

CVE-2021-41181

The CVE affects the Nextcloud Talk Android app prior to version 12.3.0. A flaw causes the app to fail to detect the device lockscreen state when an incoming call occurs, enabling an attacker with physical access to a locked phone to access chat messages and files. Affected component: Nextcloud An...

CVE-2021-41181 Nextcloud Talk app exposes chat messages on lockscreen

Nextcloud talk is a self hosting messaging service. In versions prior to 12.3.0 the Nextcloud Android Talk application did not properly detect the lockscreen state when a call was incoming. If an attacker got physical access to the locked phone, and the victim received a phone call the attacker...

CVE-2021-41180

CVE-2021-41180 affects Nextcloud Talk: geolocation preview links can be set to arbitrary URLs due to insufficient validation, enabling an open-redirect scenario. Reported impact is limited to Android Talk clients, with the recommended mitigation being upgrading the Nextcloud Talk app to version 1...

CVE-2021-41180 Geolocation preview links can be set to arbitrary links in nextcloud talk

Nextcloud talk is a self hosting messaging service. In versions prior 12.1.2 an attacker is able to control the link of a geolocation preview in the Nextcloud Talk application due to a lack of validation on the link. This could result in an open-redirect, but required user interaction. This only...

CVE-2021-41180 Geolocation preview links can be set to arbitrary links in nextcloud talk

Nextcloud talk is a self hosting messaging service. In versions prior 12.1.2 an attacker is able to control the link of a geolocation preview in the Nextcloud Talk application due to a lack of validation on the link. This could result in an open-redirect, but required user interaction. This only...

Groupfolders advanced permissions is not obeyed for subfolders

None...

User enumeration setting not obeyed in User Status API

None...

Geolocation preview links can be set to arbitrary links

None...

Talk app did allow access to sensitive chat messages on lockscreen

None...

Nextcloud 信息泄露漏洞

Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from the German company Nextcloud. nextcloud server is a self-hosted system designed to provide cloud-style services. nextcloud server is vulnerable to an information disclosure vulnerabili...

Nextcloud Talk 授权问题漏洞

Nextcloud Talk is a self-hosted local audio/video and chat communication service from Nextcloud Germany. Nextcloud Talk suffers from an authorization issue vulnerability that stems from the fact that in versions prior to 12.3.0, the Nextcloud Android Talk app fails to properly detect a locked...

Nextcloud Talk 输入验证错误漏洞

Nextcloud Talk, a self-hosted local audio/video and chat communication service from Nextcloud Germany, is vulnerable to a user redirection vulnerability in versions prior to 12.1.2. The vulnerability stems from the system's failure to reasonably handle target jumps, which could be exploited to...

PT-2022-11372 · Nextcloud · Nextcloud Talk Android

Name of the Vulnerable Software and Affected Versions: Nextcloud Android Talk App versions prior to 12.3.0 Description: Nextcloud talk is a self-hosting messaging service. The Nextcloud Android Talk application did not properly detect the lockscreen state when a call was incoming. If an attacker...

Nextcloud 安全漏洞

Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. nextcloud server is a self-hosted system designed to provide cloud-style services. nextcloud server is vulnerable to an authorization issue that stems from a lack of...

PT-2022-11378 · Nextcloud +1 · Nextcloud Server +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 20.0.14 Nextcloud Server versions prior to 21.0.6 Nextcloud Server versions prior to 22.2.1 Description: The Nextcloud server is a self-hosted system designed to provide cloud-style services. The groupfolder...

PT-2022-11377 · Nextcloud +1 · Nextcloud Server +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 20.0.14 Nextcloud Server versions prior to 21.0.6 Nextcloud Server versions prior to 22.2.1 Description: The Nextcloud server is a self-hosted system designed to provide cloud-style services. In affected...

Nextcloud: Information Exposure Through Directory Listing vulnerability

A directory listing provides an attacker with the complete index of all the resources located inside of the directory as well as download or access its contents. While the researcher did not dig deeper on to the available files, it might be possible that these websites host sensitive information...

openSUSE: Security Advisory for nextcloud (openSUSE-SU-2021:1602-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Nextcloud Android app information disclosure vulnerability (CNVD-2022-18414)

Nextcloud Android app is an Android-based mobile application for accessing Nextcloud servers from the German company Nextcloud. information disclosure in versions of Nextcloud Android app prior to 3.17.1, the vulnerability stems from a network system or product that has a configuration and other...