CVE-2021-22895

Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow...

CVE-2021-22895

Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow...

CVE-2021-22896

Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated users to create mail aliases for other users...

CVE-2021-22913

Nextcloud Deck prior to 1.2.7 and 1.4.1 is affected by an information disclosure vulnerability where searches for sharees are sent to the lookup server by default instead of the local Nextcloud server, unless a global search is explicitly chosen. The underlying issue is that the search requests a...

CVE-2021-22913

Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user...

CVE-2021-22912

The CVE-2021-22912 issue affects Nextcloud iOS app (before 3.4.2). The root cause is that searches for sharees default to querying the lookup server instead of restricting to the local Nextcloud server unless a global search is explicitly chosen, causing information disclosure of sharee searches....

CVE-2021-22912

Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a global search has been explicitly chosen by the user...

Nextcloud Mail 访问控制错误漏洞

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An access control error vulnerability exists in Nextcloud Mail that stems from a lack of permission checking in Nextcloud Mail.Nextcloud Mail version 1.9.5 an...

Nextcloud 信任管理问题漏洞

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud, which stems from the vulnerability of the Nextcloud desktop client prior to 3.3.1 to incorrect certificate...

Nextcloud server 处理逻辑错误漏洞

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A processing logic error vulnerability exists in the Nextcloud server, which stems from the fact that the Nextcloud server is vulnerable to brute-force attack...

PT-2021-15263 · Nextcloud · Nextcloud End-To-End Encryption

Name of the Vulnerable Software and Affected Versions: Nextcloud End-to-End Encryption versions prior to 1.5.3 Nextcloud End-to-End Encryption versions prior to 1.6.3 Nextcloud End-to-End Encryption versions prior to 1.7.1 Description: The issue allows any authenticated user to lock files of othe...

Nextcloud: Sensitive files/ data exists post deletion of user account

In the latest android app ,I created an account in the name of [email protected]. After few activities,deleted the account . Files containing user emails and tokens still exist.Relevant files not deleted upon deletion of account. Content of files post deletion of account:...

Nextcloud Android Information Disclosure Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud Android suffers from an information disclosure vulnerability that stems from the fact that due to a timeout issue, the Android client may fail to...

CVE-2021-32658

Nextcloud Android is the Android client for the Nextcloud open source home cloud system. Due to a timeout issue the Android client may not properly clean all sensitive data on account removal. This could include sensitive key material such as the End-to-End encryption keys. It is recommended that...

CVE-2021-32658

Nextcloud Android is the Android client for the Nextcloud open source home cloud system. Due to a timeout issue the Android client may not properly clean all sensitive data on account removal. This could include sensitive key material such as the End-to-End encryption keys. It is recommended that...

Code injection

Nextcloud Android is the Android client for the Nextcloud open source home cloud system. Due to a timeout issue the Android client may not properly clean all sensitive data on account removal. This could include sensitive key material such as the End-to-End encryption keys. It is recommended that...

CVE-2021-32658

The CVE-2021-32658 entry concerns the Nextcloud Android app. A timeout issue may prevent proper cleanup of sensitive data on account removal, potentially leaving key material such as End-to-End encryption keys accessible. Affected software: Nextcloud Android client (versions prior to 3.16.1). Und...

CVE-2021-32658 Sensitive data may not be removed from storage on account removal

Nextcloud Android is the Android client for the Nextcloud open source home cloud system. Due to a timeout issue the Android client may not properly clean all sensitive data on account removal. This could include sensitive key material such as the End-to-End encryption keys. It is recommended that...

Sensitive data may not be removed from storage on account removal

None...

Nextcloud Android 信息泄露漏洞

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud Android suffers from an information disclosure vulnerability that stems from the fact that due to a timeout issue, the Android client may fail to...