Permission bypass in DiskLruImageCacheFileProvider (GHSL-2021-1008)

None...

Nextcloud Android app 信息泄露漏洞

Nextcloud Android app is an Android-based mobile application for accessing Nextcloud servers from the German company Nextcloud. information disclosure in versions of Nextcloud Android app prior to 3.17.1, the vulnerability stems from a network system or product that has a configuration and other...

CVE-2021-43863

The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. The Nextcloud Android app uses content providers to manage its data. Prior to version 3.18.1, the providers FileContentProvider and DiskLruImageCacheFileProvider have security issues an SQL...

CVE-2021-43863

The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. The Nextcloud Android app uses content providers to manage its data. Prior to version 3.18.1, the providers FileContentProvider and DiskLruImageCacheFileProvider have security issues an SQL...

Sql injection

The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. The Nextcloud Android app uses content providers to manage its data. Prior to version 3.18.1, the providers FileContentProvider and DiskLruImageCacheFileProvider have security issues an SQL...

CVE-2021-43863 SQL Injection in FileContentProvider (GHSL-2021-1007)

The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. The Nextcloud Android app uses content providers to manage its data. Prior to version 3.18.1, the providers FileContentProvider and DiskLruImageCacheFileProvider have security issues an SQL...

CVE-2021-43863

CVE-2021-43863 affects the Nextcloud Android app (pre-3.18.1). The vulnerability involves the FileContentProvider (SQL injection) and DiskLruImageCacheFileProvider (insufficient permission control), enabling malicious apps on the same device to access Nextcloud data by bypassing the app’s permiss...

CVE-2021-43863 SQL Injection in FileContentProvider (GHSL-2021-1007)

The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. The Nextcloud Android app uses content providers to manage its data. Prior to version 3.18.1, the providers FileContentProvider and DiskLruImageCacheFileProvider have security issues an SQL...

Nextcloud Android app SQL注入漏洞

Nextcloud Android app is an Android-based mobile application from Nextcloud Germany for accessing Nextcloud servers. nextcloud Android app is vulnerable to SQL injection, a vulnerability that stems from the lack of validation of externally entered SQL statements in database-based applications. An...

GLSA-202105-37 : Nextcloud Desktop Client: User-assisted execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-202105-37 Nextcloud Desktop Client: User-assisted execution of arbitrary code It was discovered that Nextcloud Desktop Client did not validate URLs. Impact : A remote attacker could entice a user to connect to a malicious Nextclou...

Nextcloud: com.nextcloud.client bypass the protection lock in andoid app v 3.18.1 latest version.

Summary: nextcloud allowed multiple account within the android client app on a single lock Steps To Reproduce: 1.open nextcloud app 2.add security password to protect the app 3.close the app again open the app and now show the password to open the app 1. so now the password protection bypass lets...

Nextcloud: Nextcloud Deck : Possibility for anyone to add a stack with existing tasks on anyone's board

Hi everyone, Hope you are well ! I found an IDOR vulnerability, allowing any user without privilege to add lists with tasks in any user board. This was tested on a Nextcloud Hub II server v23 with the Deck application in version 1.6.0. Steps To Reproduce: Beforehand: - Have an A user with a board...

openSUSE 15 Security Update : nextcloud (openSUSE-SU-2021:1602-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1602-1 advisory. - Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud Server did not...

OPENSUSE-SU-2021:1602-1 Security update for nextcloud

This update for nextcloud fixes the following issues: Update to 20.0.14 Security issues fixed: CVE-2021-41179: Fix boo1192028 - CWE-304: Two-Factor Authentication not enforced for pages marked as public CVE-2021-41178: Fix boo1192030 - CWE-434: File Traversal affecting SVG files on Nextcloud Serv...

Security update for nextcloud (important)

openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2021:1602-1 Rating: important References: 1192028 1192030 1192031 Cross-References: CVE-2021-41177 CVE-2021-41178 CVE-2021-41179 CVSS scores: CVE-2021-41177 NVD : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H...

Nextcloud Talk Cross-Site Scripting Vulnerability (CNVD-2022-18416)

Nextcloud Talk, a self-hosted local audio/video and chat communication service from Germany-based Nextcloud, is vulnerable to a cross-site scripting vulnerability that could be exploited by remote attackers to inject and execute arbitrary HTML and script code in the user's browser within the...

Unspecified vulnerability in Nextcloud Android app

Nextcloud Android app is an Android-based mobile application from Nextcloud Germany for accessing Nextcloud servers. nextcloud news- There is a security vulnerability in Android that allows an attacker to install a malicious application on the same device, which can be exploited by an attacker to...

CVE-2021-41256

nextcloud news-android is an Android client for the Nextcloud news/feed reader app. In affected versions the Nextcloud News for Android app has a security issue by which a malicious application installed on the same device can send it an arbitrary Intent that gets reflected back, unintentionally...

CVE-2021-41256

nextcloud news-android is an Android client for the Nextcloud news/feed reader app. In affected versions the Nextcloud News for Android app has a security issue by which a malicious application installed on the same device can send it an arbitrary Intent that gets reflected back, unintentionally...

Code injection

nextcloud news-android is an Android client for the Nextcloud news/feed reader app. In affected versions the Nextcloud News for Android app has a security issue by which a malicious application installed on the same device can send it an arbitrary Intent that gets reflected back, unintentionally...