CVE-2021-41166
- EPSS 0.95%
- Veröffentlicht 26.01.2022 23:15:08
- Zuletzt bearbeitet 21.11.2024 06:25:39
The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. An issue in versions prior to 3.17.1 may lead to sensitive information disclosure. An unauthorized app that does not have the otherwise required `MANA...
CVE-2021-43863
- EPSS 1.87%
- Veröffentlicht 25.01.2022 16:15:08
- Zuletzt bearbeitet 21.11.2024 06:29:58
The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. The Nextcloud Android app uses content providers to manage its data. Prior to version 3.18.1, the providers `FileContentProvider` and `DiskLruImageCac...
CVE-2021-43608
- EPSS 2.37%
- Veröffentlicht 09.12.2021 20:15:07
- Zuletzt bearbeitet 21.11.2024 06:29:30
Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of offset and length inputs to the generation of a LIMIT clause was not probably cast to an integer, allowing SQL injection to take place if application developers passed unescaped use...
CVE-2021-41177
- EPSS 1.5%
- Veröffentlicht 25.10.2021 22:15:07
- Zuletzt bearbeitet 21.11.2024 06:25:40
Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud Server did not implement a database backend for rate-limiting purposes. Any component of Nextcloud using rate-limits (as as `Anon...
CVE-2021-41178
- EPSS 1.73%
- Veröffentlicht 25.10.2021 22:15:07
- Zuletzt bearbeitet 21.11.2024 06:25:41
Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, a file traversal vulnerability makes an attacker able to download arbitrary SVG images from the host system, including user provided files....
- EPSS 1.16%
- Veröffentlicht 25.10.2021 22:15:07
- Zuletzt bearbeitet 21.11.2024 06:25:41
Nextcloud is an open-source, self-hosted productivity platform. Prior to Nextcloud Server versions 20.0.13, 21.0.5, and 22.2.0, the Two-Factor Authentication wasn't enforced for pages marked as public. Any page marked as `@PublicPage` could thus be a...
CVE-2021-32800
- EPSS 1.8%
- Veröffentlicht 07.09.2021 22:15:08
- Zuletzt bearbeitet 21.11.2024 06:07:46
Nextcloud server is an open source, self hosted personal cloud. In affected versions an attacker is able to bypass Two Factor Authentication in Nextcloud. Thus knowledge of a password, or access to a WebAuthN trusted device of a user was sufficient t...
CVE-2021-32801
- EPSS 0.24%
- Veröffentlicht 07.09.2021 22:15:08
- Zuletzt bearbeitet 21.11.2024 06:07:46
Nextcloud server is an open source, self hosted personal cloud. In affected versions logging of exceptions may have resulted in logging potentially sensitive key material for the Nextcloud Encryption-at-Rest functionality. It is recommended that the ...
- EPSS 2.6%
- Veröffentlicht 07.09.2021 22:15:08
- Zuletzt bearbeitet 21.11.2024 06:07:46
Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews for user provided file content. For some image types, the Nextcloud server was invoking a third-party library that wasn't suited for untrusted...
CVE-2021-32766
- EPSS 1.34%
- Veröffentlicht 07.09.2021 21:15:08
- Zuletzt bearbeitet 21.11.2024 06:07:41
Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. In affected versions the Nextcloud Text application returned different error messages depending on whether a folder existed in a public link share. ...