VYPR

Talk

by Drupal

CVEs (7)

  • CVE-2021-41181Mar 8, 2022
    risk 0.00cvss epss 0.00

    Nextcloud talk is a self hosting messaging service. In versions prior to 12.3.0 the Nextcloud Android Talk application did not properly detect the lockscreen state when a call was incoming. If an attacker got physical access to the locked phone, and the victim received a phone…

  • CVE-2021-39222Nov 15, 2021
    risk 0.00cvss epss 0.01

    Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Talk application was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a malicious file and open the file in a new tab. Due the…

  • CVE-2021-32689Jul 12, 2021
    risk 0.00cvss epss 0.01

    Nextcloud Talk is a fully on-premises audio/video and chat communication service. In versions prior to 11.2.2, if a user was able to reuse an earlier used username, they could get access to any chat message sent to the previous user with this username. The issue was patched in…

  • CVE-2021-35970Jun 30, 2021
    risk 0.00cvss epss 0.02

    Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-mail addresses and other sensitive information via GraphQL because permission checks use an incorrect data type.

  • CVE-2021-32676Jun 16, 2021
    risk 0.00cvss epss 0.01

    Nextcloud Talk is a fully on-premises audio/video and chat communication service. Password protected shared chats in Talk before version 9.0.10, 10.0.8 and 11.2.2 did not rotate the session cookie after a successful authentication event. It is recommended that the Nextcloud Talk…

  • CVE-2008-4153Sep 24, 2008
    risk 0.00cvss epss 0.01

    The Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module for Drupal, does not perform access checks for a node before displaying comments, which allows remote attackers to obtain sensitive information.

  • CVE-2008-4152Sep 24, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via a node title.