VYPR

Android App

by Nextcloud

CVEs (22)

  • CVE-2019-5454CriJul 30, 2019
    risk 0.64cvss 9.8epss 0.02

    SQL Injection in the Nextcloud Android app prior to version 3.0.0 allows to destroy a local cache when a harmful query is executed requiring to resetup the account.

  • CVE-2019-5455MedJul 30, 2019
    risk 0.44cvss 6.8epss 0.00

    Bypassing lock protection exists in Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process.

  • CVE-2019-5450MedJul 30, 2019
    risk 0.44cvss 6.8epss 0.01

    Improper sanitization of HTML in directory names in the Nextcloud Android app prior to version 3.7.0 allowed to style the directory name in the header bar when using basic HTML.

  • CVE-2021-22905MedJun 11, 2021
    risk 0.42cvss 6.5epss 0.01

    Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by…

  • CVE-2019-15615MedFeb 4, 2020
    risk 0.40cvss 6.1epss 0.00

    A wrong check for the system time in the Android App 3.9.0 causes a bypass of the lock protection when changing the time of the system to the past.

  • CVE-2019-5453MedJul 30, 2019
    risk 0.40cvss 6.1epss 0.00

    Bypass lock protection in the Nextcloud Android app prior to version 3.3.0 allowed access to files when being prompted for the lock protection and switching to the Nextcloud file provider.

  • CVE-2019-5451MedJul 30, 2019
    risk 0.30cvss 4.6epss 0.00

    Bypass lock protection in the Nextcloud Android app prior to version 3.6.1 allows accessing the files when repeatedly opening and closing the app in a very short time.

  • CVE-2019-15622LowFeb 4, 2020
    risk 0.16cvss 2.4epss 0.01

    Not strictly enough sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected tables when using custom queries.

  • CVE-2019-5452LowJul 30, 2019
    risk 0.16cvss 2.4epss 0.00

    Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved.

  • CVE-2023-32318HigMay 26, 2023
    risk 0.00cvss 7.2epss 0.00

    Nextcloud server provides a home for data. A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout if cookies were not cleared manually. After successfully authenticating with any other…

  • CVE-2023-28999MedApr 4, 2023
    risk 0.00cvss 6.9epss 0.01

    Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can…

  • CVE-2023-28646MedMar 30, 2023
    risk 0.00cvss 4.4epss 0.00

    Nextcloud android is an android app for interfacing with the nextcloud home server ecosystem. In versions from 3.7.0 and before 3.24.1 an attacker that has access to the unlocked physical device can bypass the Nextcloud Android Pin/passcode protection via a thirdparty app. This…

  • CVE-2022-39210LowSep 17, 2022
    risk 0.00cvss 3.2epss 0.00

    Nextcloud android is the official Android client for the Nextcloud home server platform. Internal paths to the Nextcloud Android app files are not properly protected. As a result access to internal files of the from within the Nextcloud Android app is possible. This may lead to…

  • CVE-2022-29160LowMay 20, 2022
    risk 0.00cvss 2.8epss 0.00

    Nextcloud Android is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.0, sensitive tokens, images, and user related details exist after deletion of a user account. This could result in misuse of the former account holder's information.…

  • CVE-2022-24886LowApr 27, 2022
    risk 0.00cvss 2.2epss 0.00

    Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any application with notification permission can access contacts if Nextcloud has access to Contacts without applying for the Contacts permission itself.…

  • CVE-2022-24885LowApr 27, 2022
    risk 0.00cvss 2.0epss 0.00

    Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.1, users can bypass a lock on the Nextcloud app on an Android device by repeatedly reopening the app. Version 3.19.1 contains a fix for the problem. There are…

  • CVE-2021-41181LowMar 8, 2022
    risk 0.00cvss 2.4epss 0.00

    Nextcloud talk is a self hosting messaging service. In versions prior to 12.3.0 the Nextcloud Android Talk application did not properly detect the lockscreen state when a call was incoming. If an attacker got physical access to the locked phone, and the victim received a phone…

  • CVE-2021-41166MedJan 26, 2022
    risk 0.00cvss 4.3epss 0.01

    The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. An issue in versions prior to 3.17.1 may lead to sensitive information disclosure. An unauthorized app that does not have the otherwise required `MANAGE_DOCUMENTS` permission may…

  • CVE-2021-43863HigJan 25, 2022
    risk 0.00cvss 7.5epss 0.02

    The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. The Nextcloud Android app uses content providers to manage its data. Prior to version 3.18.1, the providers `FileContentProvider` and `DiskLruImageCacheFileProvider` have security…

  • CVE-2021-32694MedJun 17, 2021
    risk 0.00cvss 4.1epss 0.01

    Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.15.1, a malicious application on the same device is possible to crash the Nextcloud Android Client due to an uncaught exception. The vulnerability is patched in version 3.15.1.

Page 1 of 2