
4969 matches found

OSV
added 2021/04/14 1:15 p.m. · 26 views

CVE-2021-22879

Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation...

8.8 CVSS · 7.2 AI score
Exploits: 0 · References: 5
NVD
added 2021/04/14 1:15 p.m. · 21 views

CVE-2021-22879

Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation...

8.8 CVSS · 0.04698 EPSS
Exploits: 1 · References: 5
UbuntuCve
added 2021/04/14 1:15 p.m. · 35 views

CVE-2021-22879

Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation...

8.8 CVSS · 7.4 AI score · 0.04698 EPSS
Exploits: 1 · References: 4
Prion
added 2021/04/14 1:15 p.m. · 29 views

Design/Logic Flaw

Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation...

6.8 CVSS · 8.7 AI score · 0.04698 EPSS
Exploits: 1 · References: 5 · Affected Software: 2
OSV
added 2021/04/14 1:15 p.m. · 1 view

UBUNTU-CVE-2021-22879

Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation...

8.8 CVSS · 7.5 AI score · 0.04698 EPSS
Exploits: 1 · References: 5
CVE
added 2021/04/14 12:41 p.m. · 204 views

CVE-2021-22879

CVE-2021-22879 affects Nextcloud Desktop Client prior to version 3.1.3. The vulnerability arises from missing validation of URLs, enabling a remote server to trigger resource injection and execute commands on the user’s machine, with user interaction required for exploitation. Public references f...

8.8 CVSS · 8.6 AI score · 0.04698 EPSS
Exploits: 1 · References: 5 · Affected Software: 1
Cvelist
added 2021/04/14 12:41 p.m. · 20 views

CVE-2021-22879

Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation...

9 AI score · 0.04698 EPSS
Exploits: 1 · References: 5
Debian CVE
added 2021/04/14 12:41 p.m. · 29 views

CVE-2021-22879

Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation...

8.8 CVSS · 8.9 AI score · 0.04698 EPSS
Exploits: 1
Positive Technologies
added 2021/04/14 12:0 a.m. · 1 view

PT-2021-15251 · Nextcloud +2 · Nextcloud Desktop Client +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop Client versions prior to 3.1.3. Description: The issue is related to resource injection due to missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation...

8.8 CVSS · 6.4 AI score · 0.04698 EPSS
Exploits: 10 · References: 43
NVD
added 2021/04/13 8:15 p.m. · 9 views

CVE-2021-29438

The Nextcloud dialogs library npm package @nextcloud/dialogs before 3.1.2 insufficiently escaped text input passed to a toast. If your application displays toasts with user-supplied input, this could lead to an XSS vulnerability. The vulnerability has been patched in version 3.1.2. If you need to...

5.4 CVSS · 0.00703 EPSS
Exploits: 0 · References: 2
OSV
added 2021/04/13 8:15 p.m. · 9 views

CVE-2021-29438

The Nextcloud dialogs library npm package @nextcloud/dialogs before 3.1.2 insufficiently escaped text input passed to a toast. If your application displays toasts with user-supplied input, this could lead to an XSS vulnerability. The vulnerability has been patched in version 3.1.2. If you need to...

5.4 CVSS · 5.7 AI score
Exploits: 0 · References: 2
Prion
added 2021/04/13 8:15 p.m. · 19 views

Design/Logic Flaw

The Nextcloud dialogs library npm package @nextcloud/dialogs before 3.1.2 insufficiently escaped text input passed to a toast. If your application displays toasts with user-supplied input, this could lead to an XSS vulnerability. The vulnerability has been patched in version 3.1.2. If you need to...

4.3 CVSS · 5 AI score · 0.00703 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
CVE
added 2021/04/13 6:40 p.m. · 43 views

CVE-2021-29438

The CVE-2021-29438 issue affects the npm package @nextcloud/dialogs (Nextcloud dialogs library) prior to version 3.1.2, where text input displayed in a toast was insufficiently escaped, enabling a potential XSS vector in applications showing user-supplied input in toasts. The vulnerability is mi...

5.4 CVSS · 4.7 AI score · 0.00703 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2021/04/13 6:40 p.m. · 17 views

CVE-2021-29438 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in @nextcloud/dialogs

The Nextcloud dialogs library npm package @nextcloud/dialogs before 3.1.2 insufficiently escaped text input passed to a toast. If your application displays toasts with user-supplied input, this could lead to an XSS vulnerability. The vulnerability has been patched in version 3.1.2. If you need to...

4.6 CVSS · 5.3 AI score · 0.00703 EPSS
Exploits: 0 · References: 2
CNNVD
added 2021/04/13 12:0 a.m. · 14 views

Nextcloud injection vulnerability

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in the Nextcloud Desktop client, which stems from insufficient validation of input provided to a user passed through a URL....

8.8 CVSS · 8.1 AI score · 0.04698 EPSS
Exploits: 1 · References: 10
CNNVD
added 2021/04/13 12:0 a.m. · 2 views

Nextcloud security vulnerability

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in the Nextcloud dialogs library prior to version 3.1.2, which stems from an insufficient escape passed to toast. It can le...

5.4 CVSS · 5.7 AI score · 0.00703 EPSS
Exploits: 0 · References: 3
Hacker One
added 2021/04/12 12:20 p.m. · 69 views

Nextcloud: Notification implicit PendingIntent in com.nextcloud.client allows to access contacts

When the victim downloads files in Nextcloud, a notification will be triggered. The content of the notification is "Downloaded". This notification is used to remind the user that the download is complete. The PendingIntent in this notification is an implicit intent. At this time a malicious app with...

2.1 CVSS · 2.4 AI score · 0.00373 EPSS
Exploits: 0
Hacker One
added 2021/04/07 1:26 a.m. · 23 views

Nextcloud: Ratelimiting can be bypassed using IPv6 subnets

Nextcloud hardcodes IPv6 subnets to /128. End users get at least a /64 subnet (more than the whole IPv4 address space!), and most providers assign even larger subnets like /48. The subnet is used to block bruteforce attempts and rate limiting. An attacker can easily generate random addresses from t...

5 CVSS · 0.7 AI score · 0.01739 EPSS
Exploits: 0
Hacker One
added 2021/04/06 5:50 p.m. · 25 views

Nextcloud: Improper input-size validation on the user new session name can result in server-side DDoS.

Advisory at https://github.com/nextcloud/security-advisories/security/advisories/GHSA-7cwm-qph5-4h5w...

4 CVSS · 0.7 AI score · 0.0143 EPSS
Exploits: 0
Hacker One
added 2021/04/03 12:35 p.m. · 27 views

Nextcloud: DoS due to improper input validation can break the admin access into the user data will disallow him from editing that user's data.

Impact: A malicious user may be able to break the user administration page. This would disallow administrators to administrate users on the Nextcloud instance. Patches: It is recommended that the Nextcloud Server is upgraded to 19.0.11, 20.0.10 or 21.0.2. Workarounds: Use the OCC command line tool to...

4 CVSS · 3.3 AI score · 0.01823 EPSS
Exploits: 0