CVE-2021-22895
Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow...
CVE-2021-22896
Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated users to create mail aliases for other users...
Information disclosure
Nextcloud Android App com.nextcloud.client before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user...
Design/Logic Flaw
Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in rate-limiting considerations. This could potentially result in an attacker bypassing rate-limit controls such as the Nextcloud brute-force protection...
Information disclosure
Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user...
Improper access control
Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated users to create mail aliases for other users...
Input validation
Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow...
Denial of service
Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers from a denial of service vulnerability due to permitting any authenticated user to lock files of other users...
Information disclosure
Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a global search has been explicitly chosen by the user...
UBUNTU-CVE-2021-22895
Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow...
CVE-2021-22906
Issue summary: CVE-2021-22906 affects Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1. It allows any authenticated user to lock files of other users, creating a denial-of-service condition. Root cause (as stated): improper access control in the End-to-End Encryption app that lets au...
CVE-2021-22905
CVE-2021-22905 concerns the Nextcloud Android App (com.nextcloud.client) before v3.16.0, where searches for sharees were performed by the lookup server by default instead of restricting to the local Nextcloud server unless the user explicitly selects a global search. This behavior could disclose ...
CVE-2021-22906
Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers from a denial of service vulnerability due to permitting any authenticated user to lock files of other users...
CVE-2021-22905
Nextcloud Android App com.nextcloud.client before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user...
CVE-2021-22896
CVE-2021-22896 affects Nextcloud Mail prior to 1.9.5, where a missing permission check allows other authenticated users to create mail aliases for other users. The issue is an access-control error in Nextcloud Mail (1.9.5 and earlier). Impact notes: attackers could create aliases for existing mai...
CVE-2021-22895
CVE-2021-22895 refers to a vulnerability in Nextcloud Desktop Client prior to 3.3.1 where SSL certificate validation is not performed during the “Register with a Provider” flow, due to missing certificate verification. The root cause is improper certificate validation in the provider enrollment p...
CVE-2021-22915
Concrete details from connected documents indicate CVE-2021-22915 affects Nextcloud server versions up to 19.0.11, 20.0.10, 21.0.2, due to IPv6 subnets not being included in rate-limiting for brute-force protection. The vulnerability allows bypassing rate-limit protections, with impact described ...
CVE-2021-22915
Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in rate-limiting considerations. This could potentially result in an attacker bypassing rate-limit controls such as the Nextcloud brute-force protection...