CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Prion•added 2019/07/30 9:15 p.m.•19 views

Design/Logic Flaw

A missing check in the Nextcloud Server prior to version 15.0.1 causes leaking of calendar event names when adding or modifying confidential or private events...

4CVSS4.6AI score0.00854EPSS

Prion•added 2019/07/30 9:15 p.m.•14 views

Design/Logic Flaw

Bypass lock protection in the Nextcloud Android app prior to version 3.3.0 allowed access to files when being prompted for the lock protection and switching to the Nextcloud file provider...

3.6CVSS6.2AI score0.00469EPSS

Prion•added 2019/07/30 9:15 p.m.•13 views

Code injection

Bypassing lock protection exists in Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process...

4.6CVSS6.5AI score0.00463EPSS

Prion•added 2019/07/30 9:15 p.m.•15 views

Design/Logic Flaw

Bypass lock protection in the Nextcloud Android app prior to version 3.6.1 allows accessing the files when repeatedly opening and closing the app in a very short time...

2.1CVSS4.7AI score0.00385EPSS

CVE•added 2019/07/30 8:36 p.m.•56 views

CVE-2019-5449

CVE-2019-5449 affects Nextcloud Server prior to 15.0.1. A missing check allows leaking calendar event names when adding or modifying confidential or private events. Multiple connected sources confirm an information disclosure vulnerability in Nextcloud Server before 15.0.1. Impact is information ...

4.3CVSS4.6AI score0.00854EPSS

Cvelist•added 2019/07/30 8:36 p.m.•26 views

CVE-2019-5449

A missing check in the Nextcloud Server prior to version 15.0.1 causes leaking of calendar event names when adding or modifying confidential or private events...

4.5AI score0.00854EPSS

Exploits0References1

Cvelist•added 2019/07/30 8:35 p.m.•17 views

CVE-2019-5450

Improper sanitization of HTML in directory names in the Nextcloud Android app prior to version 3.7.0 allowed to style the directory name in the header bar when using basic HTML...

6.5AI score0.00495EPSS

CVE•added 2019/07/30 8:35 p.m.•57 views

CVE-2019-5450

The CVE-2019-5450 entry concerns the Nextcloud Android app prior to version 3.7.0, where improper sanitization of HTML in directory names allowed styling in the header bar via basic HTML. Connected sources corroborate this as a Nextcloud Android client issue and include a public report describing...

6.8CVSS6.4AI score0.00495EPSS

Cvelist•added 2019/07/30 8:33 p.m.•25 views

CVE-2019-5451

Bypass lock protection in the Nextcloud Android app prior to version 3.6.1 allows accessing the files when repeatedly opening and closing the app in a very short time...

4.7AI score0.00385EPSS

Exploits0References1

CVE•added 2019/07/30 8:33 p.m.•55 views

CVE-2019-5451

CVE-2019-5451 concerns the Nextcloud Android app prior to version 3.6.1, where bypassing the lock protection allowed access to files by repeatedly opening/closing the app in quick succession. The vulnerability affects the Android client’s ability to enforce device/user authentication for local fi...

4.6CVSS4.6AI score0.00385EPSS

Cvelist•added 2019/07/30 8:32 p.m.•18 views

CVE-2019-5452

Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved...

3.7AI score0.00434EPSS

CVE•added 2019/07/30 8:32 p.m.•50 views

CVE-2019-5452

The CVE-2019-5452 entry concerns the Nextcloud Android app prior to version 3.6.2, where bypassing lock protection allowed leakage of thumbnails via the Android content provider. Connected sources confirm: (1) affected software: Nextcloud Android app; (2) vulnerability type: bypass of lock protec...

2.4CVSS3.8AI score0.00434EPSS

Cvelist•added 2019/07/30 8:30 p.m.•27 views

CVE-2019-5453

Bypass lock protection in the Nextcloud Android app prior to version 3.3.0 allowed access to files when being prompted for the lock protection and switching to the Nextcloud file provider...

6.2AI score0.00469EPSS

CVE•added 2019/07/30 8:30 p.m.•52 views

CVE-2019-5453

Summary: CVE-2019-5453 affects the Nextcloud Android app prior to 3.3.0. The issue is a bypass of the app’s lock protection, allowing access to files when prompted for lock and switching to the Nextcloud file provider. Multiple connected sources corroborate the vulnerability, including CNVD/NVD e...

6.1CVSS6.2AI score0.00469EPSS

CVE•added 2019/07/30 8:28 p.m.•220 views

CVE-2019-5454

Summary: CVE-2019-5454 corresponds to an SQL injection in the Nextcloud Android app (pre-3.0.0) affecting the app’s internal content provider and local cache. The vulnerability allows manipulation of SQL queries via harmed inputs to the provider, which can destroy the local cache and force users ...

9.8CVSS9.2AI score0.02019EPSS

Cvelist•added 2019/07/30 8:28 p.m.•31 views

CVE-2019-5454

SQL Injection in the Nextcloud Android app prior to version 3.0.0 allows to destroy a local cache when a harmful query is executed requiring to resetup the account...

9.3AI score0.02019EPSS

Exploits0References1

Cvelist•added 2019/07/30 8:26 p.m.•29 views

CVE-2019-5455

Bypassing lock protection exists in Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process...

6.6AI score0.00463EPSS

CVE•added 2019/07/30 8:26 p.m.•60 views

CVE-2019-5455

CVE-2019-5455 affects the Nextcloud Android app (v3.6.0). The issue allows bypassing the device lock protection during multi-account creation/abort, enabling the attacker to redirect to a default account without prompting for the lock pattern. Evidence includes a PoC described in the HackerOne re...

6.8CVSS6.5AI score0.00463EPSS