Vulnerabilities > Nextcloud

DATE CVE VULNERABILITY TITLE RISK
2021-07-12 CVE-2021-32679 Improper Encoding or Escaping of Output vulnerability in multiple products
Nextcloud Server is a Nextcloud package that handles data storage.
network
low complexity
nextcloud fedoraproject CWE-116
8.8
2021-06-17 CVE-2021-32694 Uncaught Exception vulnerability in Nextcloud
Nextcloud Android app is the Android client for Nextcloud.
local
low complexity
nextcloud CWE-248
5.5
2021-06-17 CVE-2021-32695 Unspecified vulnerability in Nextcloud
Nextcloud Android app is the Android client for Nextcloud.
local
low complexity
nextcloud
3.3
2021-06-16 CVE-2021-32676 Session Fixation vulnerability in Nextcloud Talk
Nextcloud Talk is a fully on-premises audio/video and chat communication service.
network
low complexity
nextcloud CWE-384
6.5
2021-06-11 CVE-2021-22895 Improper Certificate Validation vulnerability in multiple products
Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow.
network
high complexity
nextcloud debian CWE-295
5.9
2021-06-11 CVE-2021-22896 Missing Authorization vulnerability in Nextcloud
Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated users to create mail aliases for other users.
network
low complexity
nextcloud CWE-862
4.3
2021-06-11 CVE-2021-22905 Information Exposure vulnerability in Nextcloud
Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user.
network
low complexity
nextcloud CWE-200
6.5
2021-06-11 CVE-2021-22906 Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud End-To-End Encryption
Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers from a denial of service vulnerability due to permitting any authenticated users to lock files of other users.
network
low complexity
nextcloud CWE-639
6.5
2021-06-11 CVE-2021-22912 Information Exposure vulnerability in Nextcloud
Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a global search has been explicitly chosen by the user.
network
low complexity
nextcloud CWE-200
6.5
2021-06-11 CVE-2021-22913 Information Exposure vulnerability in Nextcloud Deck
Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user.
network
low complexity
nextcloud CWE-200
6.5