Vulnerabilities > Nextcloud
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-11 | CVE-2021-22895 | Improper Certificate Validation vulnerability in multiple products Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow. | 4.3 |
| 2021-06-11 | CVE-2021-22896 | Missing Authorization vulnerability in Nextcloud Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated users to create mail aliases for other users. | 4.0 |
| 2021-06-11 | CVE-2021-22905 | Information Exposure vulnerability in Nextcloud Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user. | 4.3 |
| 2021-06-11 | CVE-2021-22906 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud End-To-End Encryption Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers from a denial of service vulnerability due to permitting any authenticated users to lock files of other users. | 6.5 |
| 2021-06-11 | CVE-2021-22912 | Information Exposure vulnerability in Nextcloud Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a global search has been explicitly chosen by the user. | 4.3 |
| 2021-06-11 | CVE-2021-22913 | Information Exposure vulnerability in Nextcloud Deck Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user. | 4.3 |
| 2021-06-11 | CVE-2021-22915 | Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in rate-limiting considerations. | 9.8 |
| 2021-06-08 | CVE-2021-32658 | Improper Cross-boundary Removal of Sensitive Data vulnerability in Nextcloud Nextcloud Android is the Android client for the Nextcloud open source home cloud system. | 4.6 |
| 2021-06-01 | CVE-2021-32656 | Improper Access Control vulnerability in Nextcloud Server Nextcloud Server is a Nextcloud package that handles data storage. | 8.6 |
| 2021-06-01 | CVE-2021-32657 | Resource Exhaustion vulnerability in Nextcloud Server Nextcloud Server is a Nextcloud package that handles data storage. | 4.3 |