4969 matches found

OSV
added 2021/06/16 12:15 a.m. | 16 views

CVE-2021-32676

Nextcloud Talk is a fully on-premises audio/video and chat communication service. Password protected shared chats in Talk before version 9.0.10, 10.0.8 and 11.2.2 did not rotate the session cookie after a successful authentication event. It is recommended that the Nextcloud Talk App is upgraded t...

6.5 CVSS | 7 AI score
Exploits 0 | References 2
Prion
added 2021/06/16 12:15 a.m. | 20 views

Code injection

Nextcloud Talk is a fully on-premises audio/video and chat communication service. Password protected shared chats in Talk before version 9.0.10, 10.0.8 and 11.2.2 did not rotate the session cookie after a successful authentication event. It is recommended that the Nextcloud Talk App is upgraded t...

4 CVSS | 6.5 AI score | 0.00953 EPSS
Exploits 0 | References 2 | Affected Software 1
CVE
added 2021/06/16 12:5 a.m. | 82 views

CVE-2021-32676

Nextcloud Talk suffers a session fixation vulnerability: password-protected shared talks did not rotate the session cookie after authentication in versions prior to 9.0.10, 10.0.8 and 11.2.2. Exploitation could allow an attacker to hijack a guest session. Remediation is to upgrade the Nextcloud T...

6.5 CVSS | 6.5 AI score | 0.00953 EPSS
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2021/06/16 12:5 a.m. | 21 views

CVE-2021-32676 Session Fixation in Nextcloud Talk

Nextcloud Talk is a fully on-premises audio/video and chat communication service. Password protected shared chats in Talk before version 9.0.10, 10.0.8 and 11.2.2 did not rotate the session cookie after a successful authentication event. It is recommended that the Nextcloud Talk App is upgraded t...

6.5 CVSS | 6.8 AI score | 0.00953 EPSS
Exploits 0 | References 2
CNVD
added 2021/06/16 12:0 a.m. | 11 views

Nextcloud Talk Authorization Issues Vulnerability (CNVD-2021-44989)

Nextcloud Talk is a self-hosted local audio/video and chat communication service from Nextcloud Germany. An authorization issue vulnerability exists in Nextcloud Talk that stems from unchanged cookie session data after changing authentication information in Talk. No details of the vulnerability a...

6.5 CVSS | 6.5 AI score | 0.00953 EPSS
Exploits 0 | References 1
Nextcloud
added 2021/06/15 8:52 p.m. | 52 views

Session Fixation in Nextcloud Talk

None...

6.5 CVSS | 6.4 AI score | 0.00953 EPSS
Exploits 0 | References 1 | Affected Software 1
CNNVD
added 2021/06/15 12:0 a.m. | 4 views

Nextcloud Talk Authorization Issue Vulnerability

Nextcloud Talk is a self-hosted local audio/video and chat communication service from Nextcloud Germany. An authorization issue vulnerability exists in Nextcloud Talk that stems from unchanged cookie session data after changing authentication information in Talk. No details of the vulnerability a...

6.5 CVSS | 5.5 AI score | 0.00953 EPSS
Exploits 0 | References 3
OpenVAS
added 2021/06/15 12:0 a.m. | 15 views

Nextcloud Server Brute-Force Protection Vulnerability (NC-SA-2021-009)

Nextcloud Server is prone to a vulnerability in the brute-force protection. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9.8 CVSS | 9.4 AI score | 0.01739 EPSS
Exploits 0 | References 1
OSV
added 2021/06/11 4:15 p.m. | 21 views

CVE-2021-22912

Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a global search has been explicitly chosen by the user...

6.5 CVSS | 6.1 AI score
Exploits 0 | References 2
OSV
added 2021/06/11 4:15 p.m. | 12 views

CVE-2021-22913

Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user...

6.5 CVSS | 6.3 AI score
Exploits 0 | References 2
NVD
added 2021/06/11 4:15 p.m. | 9 views

CVE-2021-22905

Nextcloud Android App com.nextcloud.client before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user...

6.5 CVSS | 0.01373 EPSS
Exploits 1 | References 2
NVD
added 2021/06/11 4:15 p.m. | 23 views

CVE-2021-22913

Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user...

6.5 CVSS | 0.01368 EPSS
Exploits 0 | References 2
NVD
added 2021/06/11 4:15 p.m. | 22 views

CVE-2021-22906

Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers from a denial of service vulnerability due to permitting any authenticated users to lock files of other users...

6.5 CVSS | 0.00722 EPSS
Exploits 1 | References 2
NVD
added 2021/06/11 4:15 p.m. | 21 views

CVE-2021-22915

Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in rate-limiting considerations. This could potentially result in an attacker bypassing rate-limit controls such as the Nextcloud brute-force protection...

9.8 CVSS | 0.01739 EPSS
Exploits 0 | References 4
NVD
added 2021/06/11 4:15 p.m. | 14 views

CVE-2021-22912

Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a global search has been explicitly chosen by the user...

6.5 CVSS | 0.01367 EPSS
Exploits 1 | References 2
OSV
added 2021/06/11 4:15 p.m. | 18 views

CVE-2021-22915

Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in rate-limiting considerations. This could potentially result in an attacker bypassing rate-limit controls such as the Nextcloud brute-force protection...

9.8 CVSS | 6.6 AI score
Exploits 0 | References 4
OSV
added 2021/06/11 4:15 p.m. | 10 views

CVE-2021-22906

Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers from a denial of service vulnerability due to permitting any authenticated users to lock files of other users...

6.5 CVSS | 6.6 AI score
Exploits 0 | References 2
OSV
added 2021/06/11 4:15 p.m. | 11 views

CVE-2021-22905

Nextcloud Android App com.nextcloud.client before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user...

6.5 CVSS | 6.2 AI score
Exploits 0 | References 2
OSV
added 2021/06/11 4:15 p.m. | 1 view

DEBIAN-CVE-2021-22895

Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow...

5.9 CVSS | 5.8 AI score | 0.01031 EPSS
Exploits 1 | References 1
NVD
added 2021/06/11 4:15 p.m. | 24 views

CVE-2021-22896

Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated users to create mail aliases for other users...

4.3 CVSS | 0.00988 EPSS
Exploits 0 | References 4