16 matches found

CVE | added 2023/08/10 3:4 p.m. | 159 views

CVE-2023-39957

CVE-2023-39957 affects Nextcloud Talk Android prior to 17.0.0, where an unprotected intent allowed malicious apps to trick Talk Android into writing files outside its intended cache directory (path traversal). A fix is available in version 17.0.0; no public workarounds are documented in the provi...

CVSS 7.8 | AI score 7 | EPSS 0.00328

CVE | added 2022/03/08 5:45 p.m. | 103 views

CVE-2021-41180

CVE-2021-41180 affects Nextcloud Talk: geolocation preview links can be set to arbitrary URLs due to insufficient validation, enabling an open-redirect scenario. Reported impact is limited to Android Talk clients, with the recommended mitigation being upgrading the Nextcloud Talk app to version 1...

CVSS 6.1 | AI score 5.2 | EPSS 0.01026

CVE | added 2022/03/08 5:50 p.m. | 103 views

CVE-2021-41181

The CVE affects the Nextcloud Talk Android app prior to version 12.3.0. A flaw causes the app to fail to detect the device lockscreen state when an incoming call occurs, enabling an attacker with physical access to a locked phone to access chat messages and files. Affected component: Nextcloud An...

CVSS 2.4 | AI score 3.4 | EPSS 0.00297

CVE | added 2022/08/12 3:20 p.m. | 94 views

CVE-2022-35932

CVE-2022-35932 describes a missing rate limit in Nextcloud Talk for password-protected conversations. Before versions 12.2.7, 13.0.7, and 14.0.3, an attacker with the conversation link/token can brute-force the password due to lack of rate limiting. Public sources (NVD/Red Hat/GSAs) confirm the i...

CVSS 5.3 | AI score 4.6 | EPSS 0.0105

CVE | added 2022/05/17 7:0 p.m. | 93 views

CVE-2022-24890

CVE-2022-24890 (Nextcloud Talk) affects Nextcloud Talk prior to versions 13.0.5 and 14.0.0, where a call moderator could indirectly enable a user's webcam by granting permissions that were removed. The underlying issue is exposure of webcam permissions that could be re-enabled without user consen...

CVSS 4.3 | AI score 4.3 | EPSS 0.00883

CVE | added 2022/04/27 1:55 p.m. | 92 views

CVE-2022-24887

CVE-2022-24887 – Open Redirect in Nextcloud Talk: The issue affects Nextcloud Talk prior to versions 11.3.4, 12.2.2, and 13.0.0. When sharing a Deck card in a conversation, the metaData can be manipulated to trick users into opening arbitrary URLs. The vulnerability is fixed in the cited patched...

CVSS 6.1 | AI score 5.1 | EPSS 0.00897

CVE | added 2022/09/16 11:15 p.m. | 90 views

CVE-2022-39212

Nextcloud Talk vulnerability CVE-2022-39212: in affected versions, the last video frame of a participant can be disclosed when the camera is selected but the video is disabled. This is a client-side issue in Nextcloud Talk (chat/video calls) that allows viewing the last frame of other participant...

CVSS 5.3 | AI score 4.8 | EPSS 0.00547

CVE | added 2021/06/16 12:5 a.m. | 85 views

CVE-2021-32676

Nextcloud Talk suffers a session fixation vulnerability: password-protected shared talks did not rotate the session cookie after authentication in versions prior to 9.0.10, 10.0.8 and 11.2.2. Exploitation could allow an attacker to hijack a guest session. Remediation is to upgrade the Nextcloud T...

CVSS 6.5 | AI score 6.5 | EPSS 0.00953

CVE | added 2023/01/09 2:7 p.m. | 85 views

CVE-2023-22473

CVE-2023-22473 affects the Nextcloud Talk Android app. The vulnerability is a passcode bypass that allows access to a user’s Nextcloud files and conversations when an attacker has physical access to the target device. The root cause is exposed by the described bypass in Talk Android, enabling exp...

CVSS 2.1 | AI score 3.3 | EPSS 0.0056

CVE | added 2022/11/25 12:0 a.m. | 69 views

CVE-2022-41926

CVE-2022-41926 concerns the Nextcloud Talk Android app. The receiver component is not protected by broadcastPermission in affected versions, enabling a malicious app to monitor communication locally. The issue is tied to Nextcloud Talk Android prior to 14.1.0. Remediation in all sources is to upg...

CVSS 5.5 | AI score 4.6 | EPSS 0.00267

CVE | added 2020/02/04 7:8 p.m. | 65 views

CVE-2019-15619

CVE-2019-15619 affects Nextcloud Suite components: Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3, and Nextcloud Deck 0.6.5. The root cause is improper neutralization of file names, conversation names and board names, leading to cross-site scripting when linking these items within a project. Docum...

CVSS 4.8 | AI score 5 | EPSS 0.0084

CVE | added 2020/06/08 1:8 p.m. | 65 views

CVE-2020-8180

CVE-2020-8180 affects Nextcloud Talk versions 6.0.4, 7.0.2, and 8.0.7. A too-lax validation allows an administrator-added, not properly sanitized talk command to inject code. This can lead to arbitrary code execution when a crafted command is processed (for example, using talk commands to trigger...

CVSS 9.9 | AI score 9.6 | EPSS 0.01668

CVE | added 2021/07/12 6:45 p.m. | 58 views

CVE-2021-32689

Nextcloud Talk suffered a vulnerability in versions prior to 11.2.2 where a user could reuse an earlier username and gain access to chat messages sent to that previous user. The issue is described as allowing access to messages associated with the reused username, with patches released in Nextclo...

CVSS 8.1 | AI score 6.6 | EPSS 0.01

CVE | added 2020/02/04 7:8 p.m. | 53 views

CVE-2019-15620

CVE-2019-15620 describes an improper access control vulnerability in Nextcloud Talk 6.0.3 where the existence and names of private conversations can be leaked when those conversations are linked to another shared item via the Projects feature. Affected component is Nextcloud Talk (Spreed) 6.0.3. ...

CVSS 4 | AI score 4.1 | EPSS 0.00766

CVE | added 2018/08/13 7:0 p.m. | 51 views

CVE-2018-3781

Nextcloud Talk

CVSS 5.4 | AI score 5 | EPSS 0.0062

CVE | added 2021/11/15 6:30 p.m. | 50 views

CVE-2021-39222

Nextcloud Talk is affected by a stored XSS vulnerability in the Talk component of Nextcloud. The issue can be triggered by right-clicking a malicious file and opening it in a new tab, but exploitation is mitigated on modern browsers due to Content-Security-Policy (CSP). Remediation is to upgrade ...

CVSS 6.4 | AI score 5.8 | EPSS 0.01063