Nextcloud Android app
by Nextcloud
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-28646 | 0.00 | — | 0.00 | Mar 30, 2023 | Nextcloud android is an android app for interfacing with the nextcloud home server ecosystem. In versions from 3.7.0 and before 3.24.1 an attacker that has access to the unlocked physical device can bypass the Nextcloud Android Pin/passcode protection via a thirdparty app. This… | |||
| CVE-2022-29160 | 0.00 | — | 0.00 | May 20, 2022 | Nextcloud Android is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.0, sensitive tokens, images, and user related details exist after deletion of a user account. This could result in misuse of the former account holder's information.… | |||
| CVE-2022-24886 | 0.00 | — | 0.00 | Apr 27, 2022 | Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any application with notification permission can access contacts if Nextcloud has access to Contacts without applying for the Contacts permission itself.… | |||
| CVE-2021-41166 | 0.00 | — | 0.00 | Jan 26, 2022 | The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. An issue in versions prior to 3.17.1 may lead to sensitive information disclosure. An unauthorized app that does not have the otherwise required `MANAGE_DOCUMENTS` permission may… | |||
| CVE-2021-43863 | 0.00 | — | 0.00 | Jan 25, 2022 | The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. The Nextcloud Android app uses content providers to manage its data. Prior to version 3.18.1, the providers `FileContentProvider` and `DiskLruImageCacheFileProvider` have security… | |||
| CVE-2021-32694 | 0.00 | — | 0.00 | Jun 17, 2021 | Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.15.1, a malicious application on the same device is possible to crash the Nextcloud Android Client due to an uncaught exception. The vulnerability is patched in version 3.15.1. | |||
| CVE-2021-32695 | 0.00 | — | 0.01 | Jun 17, 2021 | Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.16.1, a malicious app on the same device could have gotten access to the shared preferences of the Nextcloud Android application. This required user-interaction as a victim had to initiate the… | |||
| CVE-2021-22905 | 0.00 | — | 0.01 | Jun 11, 2021 | Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by… | |||
| CVE-2019-15622 | 0.00 | — | 0.00 | Feb 4, 2020 | Not strictly enough sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected tables when using custom queries. | |||
| CVE-2019-15615 | 0.00 | — | 0.00 | Feb 4, 2020 | A wrong check for the system time in the Android App 3.9.0 causes a bypass of the lock protection when changing the time of the system to the past. | |||
| CVE-2019-5450 | 0.00 | — | 0.00 | Jul 30, 2019 | Improper sanitization of HTML in directory names in the Nextcloud Android app prior to version 3.7.0 allowed to style the directory name in the header bar when using basic HTML. | |||
| CVE-2019-5452 | 0.00 | — | 0.00 | Jul 30, 2019 | Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved. | |||
| CVE-2019-5455 | 0.00 | — | 0.00 | Jul 30, 2019 | Bypassing lock protection exists in Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process. |
- CVE-2023-28646Mar 30, 2023risk 0.00cvss —epss 0.00
Nextcloud android is an android app for interfacing with the nextcloud home server ecosystem. In versions from 3.7.0 and before 3.24.1 an attacker that has access to the unlocked physical device can bypass the Nextcloud Android Pin/passcode protection via a thirdparty app. This…
- CVE-2022-29160May 20, 2022risk 0.00cvss —epss 0.00
Nextcloud Android is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.0, sensitive tokens, images, and user related details exist after deletion of a user account. This could result in misuse of the former account holder's information.…
- CVE-2022-24886Apr 27, 2022risk 0.00cvss —epss 0.00
Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any application with notification permission can access contacts if Nextcloud has access to Contacts without applying for the Contacts permission itself.…
- CVE-2021-41166Jan 26, 2022risk 0.00cvss —epss 0.00
The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. An issue in versions prior to 3.17.1 may lead to sensitive information disclosure. An unauthorized app that does not have the otherwise required `MANAGE_DOCUMENTS` permission may…
- CVE-2021-43863Jan 25, 2022risk 0.00cvss —epss 0.00
The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. The Nextcloud Android app uses content providers to manage its data. Prior to version 3.18.1, the providers `FileContentProvider` and `DiskLruImageCacheFileProvider` have security…
- CVE-2021-32694Jun 17, 2021risk 0.00cvss —epss 0.00
Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.15.1, a malicious application on the same device is possible to crash the Nextcloud Android Client due to an uncaught exception. The vulnerability is patched in version 3.15.1.
- CVE-2021-32695Jun 17, 2021risk 0.00cvss —epss 0.01
Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.16.1, a malicious app on the same device could have gotten access to the shared preferences of the Nextcloud Android application. This required user-interaction as a victim had to initiate the…
- CVE-2021-22905Jun 11, 2021risk 0.00cvss —epss 0.01
Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by…
- CVE-2019-15622Feb 4, 2020risk 0.00cvss —epss 0.00
Not strictly enough sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected tables when using custom queries.
- CVE-2019-15615Feb 4, 2020risk 0.00cvss —epss 0.00
A wrong check for the system time in the Android App 3.9.0 causes a bypass of the lock protection when changing the time of the system to the past.
- CVE-2019-5450Jul 30, 2019risk 0.00cvss —epss 0.00
Improper sanitization of HTML in directory names in the Nextcloud Android app prior to version 3.7.0 allowed to style the directory name in the header bar when using basic HTML.
- CVE-2019-5452Jul 30, 2019risk 0.00cvss —epss 0.00
Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved.
- CVE-2019-5455Jul 30, 2019risk 0.00cvss —epss 0.00
Bypassing lock protection exists in Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process.