Lucene search
K

137 matches found

Nextcloud
Nextcloud
added 2022/08/04 6:22 a.m.68 views

Password disclosure in log file when providing incorrect additional data on initial setup of Mail App

None...

4.9CVSS5.1AI score0.00643EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2022/08/04 12:0 a.m.7 views

Nextcloud 代码问题漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A code issue vulnerability exists in Nextcloud Mail that stems from unrestricted access to minifier. An attacker could exploit this vulnerability to perfor...

9.8CVSS8.4AI score0.00616EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/08/04 12:0 a.m.6 views

PT-2022-20542 · Nextcloud · Nextcloud Mail

Name of the Vulnerable Software and Affected Versions: Nextcloud Mail versions prior to 1.12.1 Description: The issue affects Nextcloud Mail, an email application for the Nextcloud personal cloud product. In the event of a misconfiguration, affected versions of Nextcloud Mail would log user...

4.9CVSS5.1AI score0.00643EPSS
Exploits0References6
Prion
Prion
added 2022/07/06 6:15 p.m.15 views

Design/Logic Flaw

Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to mail attachments. Attachments may have been exposed to incorrect system users. It is recommended...

4CVSS4.7AI score0.00723EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/07/06 5:55 p.m.7 views

CVE-2022-31131 Ownership check missing when updating or deleting mail attachments in Nextcloud mail

Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to mail attachments. Attachments may have been exposed to incorrect system users. It is recommended...

5.4CVSS5.8AI score0.00723EPSS
Exploits1References3
OSV
OSV
added 2022/07/06 5:55 p.m.26 views

CVE-2022-31131 Ownership check missing when updating or deleting mail attachments in Nextcloud mail

Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to mail attachments. Attachments may have been exposed to incorrect system users. It is recommended...

5.4CVSS4.5AI score0.00723EPSS
Exploits1References5
Nextcloud
Nextcloud
added 2022/07/06 5:18 p.m.50 views

Ownership check missing when updating or deleting mail attachments

None...

5.4CVSS4.8AI score0.00723EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/07/06 12:0 a.m.5 views

PT-2022-20551 · Nextcloud · Nextcloud Mail

Name of the Vulnerable Software and Affected Versions: Nextcloud mail versions prior to 1.12.2 Description: The issue concerns missing user account ownership checks when performing tasks related to mail attachments in Nextcloud mail, potentially exposing attachments to incorrect system users...

5.4CVSS4.4AI score0.00723EPSS
Exploits1References9
OSV
OSV
added 2022/06/20 8:22 p.m.5 views

MAL-2022-4829 Malicious code in nextcloud-mail (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 49b707040d71b3da11b82122e52723a5f64ca6b9384db7ab5b48995623e258af Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:22 p.m.4 views

Malicious code in nextcloud-mail (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 49b707040d71b3da11b82122e52723a5f64ca6b9384db7ab5b48995623e258af Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/10/25 7:15 p.m.2 views

CVE-2021-39220

Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images with a relative protocol. It is recommend...

3.5CVSS5.9AI score0.00759EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2021/10/25 6:55 p.m.27 views

CVE-2021-39220 Bypass of image blocking in Nextcloud Mail

Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images with a relative protocol. It is recommend...

3.5CVSS4.2AI score0.00759EPSS
Exploits0References3
Nextcloud
Nextcloud
added 2021/10/25 10:59 a.m.39 views

Bypass of image blocking in Nextcloud Mail

None...

3.5CVSS4.9AI score0.00759EPSS
Exploits0References2Affected Software1
ArchLinux
ArchLinux
added 2021/07/20 12:0 a.m.138 views

[ASA-202107-41] nextcloud-app-mail: information disclosure

Arch Linux Security Advisory ASA-202107-41 ========================================== Severity: Low Date : 2021-07-20 CVE-ID : CVE-2021-32707 Package : nextcloud-app-mail Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-2145 Summary ======= The package...

4.3CVSS0.5AI score0.01146EPSS
Exploits1References6
OSV
OSV
added 2021/07/12 7:15 p.m.15 views

CVE-2021-32707

Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a background-image CSS attribute. Note that the images were still passed...

4.3CVSS6.6AI score
Exploits0References3
NVD
NVD
added 2021/07/12 7:15 p.m.18 views

CVE-2021-32707

Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a background-image CSS attribute. Note that the images were still passed...

4.3CVSS0.01146EPSS
Exploits1References3
Prion
Prion
added 2021/07/12 7:15 p.m.27 views

Design/Logic Flaw

Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a background-image CSS attribute. Note that the images were still passed...

4CVSS4.4AI score0.01146EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/07/12 7:5 p.m.36 views

CVE-2021-32707 Bypass of image blocking in Nextcloud Mail

Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a background-image CSS attribute. Note that the images were still passed...

4.3CVSS4.8AI score0.01146EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2021/07/12 12:0 a.m.6 views

PT-2021-19873 · Nextcloud · Nextcloud Mail

Name of the Vulnerable Software and Affected Versions: Nextcloud Mail versions prior to 1.9.6 Description: The Nextcloud Mail application has an issue where the privacy filter fails to filter images with a background-image CSS attribute, potentially leaking the read state. However, images are sti...

4.3CVSS6.9AI score0.01146EPSS
Exploits1References7
CNVD
CNVD
added 2021/06/17 12:0 a.m.12 views

Nextcloud Mail Access Control Error Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. An access control error vulnerability exists in Nextcloud Mail that stems from a lack of permission checking in Nextcloud Mail.Nextcloud Mail version 1.9.5 an...

4.3CVSS6.5AI score0.00988EPSS
Exploits0References1
Rows per page
Query Builder