CVE-2021-32728 End-to-end encryption device setup did not verify public key

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.3.0, the Nextcloud Desktop client fails to check if a privat...

CVE-2021-32728

The CVE describes a vulnerability in Nextcloud Desktop Client prior to 3.3.0 where the client does not verify that a private key matches the previously downloaded public certificate when obtaining keys via the API. If a server serves a malicious public key, user data could be encrypted for that k...

CVE-2021-32728

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.3.0, the Nextcloud Desktop client fails to check if a privat...

End-to-end encryption device setup did not verify public key

None...

Untrusted Search Path in Nextcloud Desktop Client

None...

PT-2021-6528 · Nextcloud +1 · Nextcloud Desktop Client +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop Client versions prior to 3.3.0 Description: The issue is related to the end-to-end encryption feature of the Nextcloud Desktop Client, where the client fails to check if a private key belongs to a previously downloaded publi...

Nextcloud Desktop Client 代码问题漏洞

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany.Nextcloud Desktop Client is a desktop client application for Nextcloud. A code issue vulnerability exists in Nextcloud Desktop Client versions 3.0.3 through...

Nextcloud Desktop Client 信任管理问题漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany.Nextcloud Desktop Client is a desktop client application for Nextcloud. A security vulnerability exists in versions of the Nextcloud Desktop Client prior to...

PT-2021-21739 · Nextcloud · Nextcloud Desktop Client

Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop Client versions 3.0.3 through 3.2.4 Description: The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. The Client invokes its uninstaller script when being installed to ensure no...

Nextcloud: Arbitrary read of all SVG files on a Nextcloud server

Vulnerability description not provided...

CVE-2021-32748

Nextcloud Richdocuments in an open source self hosted online office. Nextcloud uses the WOPI "Web Application Open Platform Interface" protocol to communicate with the Collabora Editor, the communication between these two services was not protected by a credentials or IP check. Whilst this does n...

CVE-2021-32748

Nextcloud Richdocuments in an open source self hosted online office. Nextcloud uses the WOPI "Web Application Open Platform Interface" protocol to communicate with the Collabora Editor, the communication between these two services was not protected by a credentials or IP check. Whilst this does n...

Design/Logic Flaw

Nextcloud Richdocuments in an open source self hosted online office. Nextcloud uses the WOPI "Web Application Open Platform Interface" protocol to communicate with the Collabora Editor, the communication between these two services was not protected by a credentials or IP check. Whilst this does n...

CVE-2021-32748 WOPI API not protected by credentials/IP check

Nextcloud Richdocuments in an open source self hosted online office. Nextcloud uses the WOPI "Web Application Open Platform Interface" protocol to communicate with the Collabora Editor, the communication between these two services was not protected by a credentials or IP check. Whilst this does n...

CVE-2021-32748

The CVE-2021-32748 issue affects Nextcloud Richdocuments, where WOPI API calls between Richdocuments and Collabora Editor lacked credentials/IP-based access checks. This allowed bypassing watermarks/download protections configured via File Access Control, though it did not grant access to data un...

WOPI API not protected by credentials/IP check

None...

Fedora: Security Advisory for nextcloud (FEDORA-2021-9b421b78af)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for nextcloud (FEDORA-2021-6f327296fe)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Nextcloud 安全漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Richdocuments that allows remote attackers to access sensitive information on the target system...

[SECURITY] Fedora 33 Update: nextcloud-19.0.13-1.fc33

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...