Vulnerabilities > Nextcloud > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-12 | CVE-2021-32707 | Unspecified vulnerability in Nextcloud Mail Nextcloud Mail is a mail app for Nextcloud. | 4.3 |
| 2021-07-12 | CVE-2021-32703 | Improper Control of Interaction Frequency vulnerability in multiple products Nextcloud Server is a Nextcloud package that handles data storage. | 5.3 |
| 2021-07-12 | CVE-2021-32678 | Improper Control of Interaction Frequency vulnerability in multiple products Nextcloud Server is a Nextcloud package that handles data storage. | 5.3 |
| 2021-06-17 | CVE-2021-32694 | Uncaught Exception vulnerability in Nextcloud Nextcloud Android app is the Android client for Nextcloud. | 4.3 |
| 2021-06-16 | CVE-2021-32676 | Session Fixation vulnerability in Nextcloud Talk Nextcloud Talk is a fully on-premises audio/video and chat communication service. | 4.0 |
| 2021-06-11 | CVE-2021-22895 | Improper Certificate Validation vulnerability in multiple products Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow. | 4.3 |
| 2021-06-11 | CVE-2021-22896 | Missing Authorization vulnerability in Nextcloud Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated users to create mail aliases for other users. | 4.0 |
| 2021-06-11 | CVE-2021-22905 | Information Exposure vulnerability in Nextcloud Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user. | 4.3 |
| 2021-06-11 | CVE-2021-22906 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud End-To-End Encryption Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers from a denial of service vulnerability due to permitting any authenticated users to lock files of other users. | 6.5 |
| 2021-06-11 | CVE-2021-22912 | Information Exposure vulnerability in Nextcloud Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a global search has been explicitly chosen by the user. | 4.3 |