Vulnerabilities > Nextcloud > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-11 | CVE-2021-22895 | Improper Certificate Validation vulnerability in multiple products Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow. | 5.9 |
| 2021-06-11 | CVE-2021-22896 | Missing Authorization vulnerability in Nextcloud Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated users to create mail aliases for other users. | 4.3 |
| 2021-06-11 | CVE-2021-22905 | Information Exposure vulnerability in Nextcloud Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user. | 6.5 |
| 2021-06-11 | CVE-2021-22906 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud End-To-End Encryption Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers from a denial of service vulnerability due to permitting any authenticated users to lock files of other users. | 6.5 |
| 2021-06-11 | CVE-2021-22912 | Information Exposure vulnerability in Nextcloud Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a global search has been explicitly chosen by the user. | 6.5 |
| 2021-06-11 | CVE-2021-22913 | Information Exposure vulnerability in Nextcloud Deck Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user. | 6.5 |
| 2021-06-08 | CVE-2021-32658 | Improper Cross-boundary Removal of Sensitive Data vulnerability in Nextcloud Nextcloud Android is the Android client for the Nextcloud open source home cloud system. | 4.6 |
| 2021-06-01 | CVE-2021-32657 | Unspecified vulnerability in Nextcloud Server Nextcloud Server is a Nextcloud package that handles data storage. | 4.3 |
| 2021-06-01 | CVE-2021-32652 | Missing Authorization vulnerability in Nextcloud Mail Nextcloud Mail is a mail app for the Nextcloud platform. | 4.3 |
| 2021-03-03 | CVE-2021-22878 | Cross-site Scripting vulnerability in multiple products Nextcloud Server prior to 20.0.6 is vulnerable to reflected cross-site scripting (XSS) due to lack of sanitization in `OC.Notification.show`. | 4.8 |