Vulnerabilities > Nextcloud > Nextcloud
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-11 | CVE-2021-22896 | Missing Authorization vulnerability in Nextcloud Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated users to create mail aliases for other users. | 4.0 |
| 2021-06-11 | CVE-2021-22905 | Information Exposure vulnerability in Nextcloud Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user. | 4.3 |
| 2021-06-11 | CVE-2021-22912 | Information Exposure vulnerability in Nextcloud Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a global search has been explicitly chosen by the user. | 4.3 |
| 2021-06-08 | CVE-2021-32658 | Improper Cross-boundary Removal of Sensitive Data vulnerability in Nextcloud Nextcloud Android is the Android client for the Nextcloud open source home cloud system. | 4.6 |
| 2020-02-04 | CVE-2019-15622 | SQL Injection vulnerability in Nextcloud Not strictly enough sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected tables when using custom queries. | 2.1 |
| 2020-02-04 | CVE-2019-15615 | Improper Authentication vulnerability in Nextcloud A wrong check for the system time in the Android App 3.9.0 causes a bypass of the lock protection when changing the time of the system to the past. | 3.6 |
| 2020-02-04 | CVE-2019-15614 | Cross-site Scripting vulnerability in Nextcloud Missing sanitization in the iOS App 2.24.4 causes an XSS when opening malicious HTML files. | 3.5 |
| 2020-02-04 | CVE-2019-15611 | Unspecified vulnerability in Nextcloud Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. | 4.0 |
| 2019-07-30 | CVE-2019-5455 | Improper Authentication vulnerability in Nextcloud 3.6.0 Bypassing lock protection exists in Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process. | 6.8 |
| 2019-07-30 | CVE-2019-5454 | SQL Injection vulnerability in Nextcloud SQL Injection in the Nextcloud Android app prior to version 3.0.0 allows to destroy a local cache when a harmful query is executed requiring to resetup the account. | 9.8 |