Android App
by Nextcloud
CVEs (22)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-5454 | Cri | 0.64 | 9.8 | 0.02 | Jul 30, 2019 | SQL Injection in the Nextcloud Android app prior to version 3.0.0 allows to destroy a local cache when a harmful query is executed requiring to resetup the account. | ||
| CVE-2019-5455 | Med | 0.44 | 6.8 | 0.00 | Jul 30, 2019 | Bypassing lock protection exists in Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process. | ||
| CVE-2019-5450 | Med | 0.44 | 6.8 | 0.01 | Jul 30, 2019 | Improper sanitization of HTML in directory names in the Nextcloud Android app prior to version 3.7.0 allowed to style the directory name in the header bar when using basic HTML. | ||
| CVE-2021-22905 | Med | 0.42 | 6.5 | 0.01 | Jun 11, 2021 | Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by… | ||
| CVE-2019-15615 | Med | 0.40 | 6.1 | 0.00 | Feb 4, 2020 | A wrong check for the system time in the Android App 3.9.0 causes a bypass of the lock protection when changing the time of the system to the past. | ||
| CVE-2019-5453 | Med | 0.40 | 6.1 | 0.00 | Jul 30, 2019 | Bypass lock protection in the Nextcloud Android app prior to version 3.3.0 allowed access to files when being prompted for the lock protection and switching to the Nextcloud file provider. | ||
| CVE-2019-5451 | Med | 0.30 | 4.6 | 0.00 | Jul 30, 2019 | Bypass lock protection in the Nextcloud Android app prior to version 3.6.1 allows accessing the files when repeatedly opening and closing the app in a very short time. | ||
| CVE-2019-15622 | Low | 0.16 | 2.4 | 0.01 | Feb 4, 2020 | Not strictly enough sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected tables when using custom queries. | ||
| CVE-2019-5452 | Low | 0.16 | 2.4 | 0.00 | Jul 30, 2019 | Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved. | ||
| CVE-2023-32318 | Hig | 0.00 | 7.2 | 0.00 | May 26, 2023 | Nextcloud server provides a home for data. A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout if cookies were not cleared manually. After successfully authenticating with any other… | ||
| CVE-2023-28999 | Med | 0.00 | 6.9 | 0.01 | Apr 4, 2023 | Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can… | ||
| CVE-2023-28646 | Med | 0.00 | 4.4 | 0.00 | Mar 30, 2023 | Nextcloud android is an android app for interfacing with the nextcloud home server ecosystem. In versions from 3.7.0 and before 3.24.1 an attacker that has access to the unlocked physical device can bypass the Nextcloud Android Pin/passcode protection via a thirdparty app. This… | ||
| CVE-2022-39210 | Low | 0.00 | 3.2 | 0.00 | Sep 17, 2022 | Nextcloud android is the official Android client for the Nextcloud home server platform. Internal paths to the Nextcloud Android app files are not properly protected. As a result access to internal files of the from within the Nextcloud Android app is possible. This may lead to… | ||
| CVE-2022-29160 | Low | 0.00 | 2.8 | 0.00 | May 20, 2022 | Nextcloud Android is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.0, sensitive tokens, images, and user related details exist after deletion of a user account. This could result in misuse of the former account holder's information.… | ||
| CVE-2022-24886 | Low | 0.00 | 2.2 | 0.00 | Apr 27, 2022 | Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any application with notification permission can access contacts if Nextcloud has access to Contacts without applying for the Contacts permission itself.… | ||
| CVE-2022-24885 | Low | 0.00 | 2.0 | 0.00 | Apr 27, 2022 | Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.1, users can bypass a lock on the Nextcloud app on an Android device by repeatedly reopening the app. Version 3.19.1 contains a fix for the problem. There are… | ||
| CVE-2021-41181 | Low | 0.00 | 2.4 | 0.00 | Mar 8, 2022 | Nextcloud talk is a self hosting messaging service. In versions prior to 12.3.0 the Nextcloud Android Talk application did not properly detect the lockscreen state when a call was incoming. If an attacker got physical access to the locked phone, and the victim received a phone… | ||
| CVE-2021-41166 | Med | 0.00 | 4.3 | 0.01 | Jan 26, 2022 | The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. An issue in versions prior to 3.17.1 may lead to sensitive information disclosure. An unauthorized app that does not have the otherwise required `MANAGE_DOCUMENTS` permission may… | ||
| CVE-2021-43863 | Hig | 0.00 | 7.5 | 0.02 | Jan 25, 2022 | The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. The Nextcloud Android app uses content providers to manage its data. Prior to version 3.18.1, the providers `FileContentProvider` and `DiskLruImageCacheFileProvider` have security… | ||
| CVE-2021-32694 | Med | 0.00 | 4.1 | 0.01 | Jun 17, 2021 | Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.15.1, a malicious application on the same device is possible to crash the Nextcloud Android Client due to an uncaught exception. The vulnerability is patched in version 3.15.1. |
- risk 0.64cvss 9.8epss 0.02
SQL Injection in the Nextcloud Android app prior to version 3.0.0 allows to destroy a local cache when a harmful query is executed requiring to resetup the account.
- risk 0.44cvss 6.8epss 0.00
Bypassing lock protection exists in Nextcloud Android app 3.6.0 when creating a multi-account and aborting the process.
- risk 0.44cvss 6.8epss 0.01
Improper sanitization of HTML in directory names in the Nextcloud Android app prior to version 3.7.0 allowed to style the directory name in the header bar when using basic HTML.
- risk 0.42cvss 6.5epss 0.01
Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by…
- risk 0.40cvss 6.1epss 0.00
A wrong check for the system time in the Android App 3.9.0 causes a bypass of the lock protection when changing the time of the system to the past.
- risk 0.40cvss 6.1epss 0.00
Bypass lock protection in the Nextcloud Android app prior to version 3.3.0 allowed access to files when being prompted for the lock protection and switching to the Nextcloud file provider.
- risk 0.30cvss 4.6epss 0.00
Bypass lock protection in the Nextcloud Android app prior to version 3.6.1 allows accessing the files when repeatedly opening and closing the app in a very short time.
- risk 0.16cvss 2.4epss 0.01
Not strictly enough sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected tables when using custom queries.
- risk 0.16cvss 2.4epss 0.00
Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved.
- risk 0.00cvss 7.2epss 0.00
Nextcloud server provides a home for data. A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout if cookies were not cleared manually. After successfully authenticating with any other…
- risk 0.00cvss 6.9epss 0.01
Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can…
- risk 0.00cvss 4.4epss 0.00
Nextcloud android is an android app for interfacing with the nextcloud home server ecosystem. In versions from 3.7.0 and before 3.24.1 an attacker that has access to the unlocked physical device can bypass the Nextcloud Android Pin/passcode protection via a thirdparty app. This…
- risk 0.00cvss 3.2epss 0.00
Nextcloud android is the official Android client for the Nextcloud home server platform. Internal paths to the Nextcloud Android app files are not properly protected. As a result access to internal files of the from within the Nextcloud Android app is possible. This may lead to…
- risk 0.00cvss 2.8epss 0.00
Nextcloud Android is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.0, sensitive tokens, images, and user related details exist after deletion of a user account. This could result in misuse of the former account holder's information.…
- risk 0.00cvss 2.2epss 0.00
Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any application with notification permission can access contacts if Nextcloud has access to Contacts without applying for the Contacts permission itself.…
- risk 0.00cvss 2.0epss 0.00
Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.1, users can bypass a lock on the Nextcloud app on an Android device by repeatedly reopening the app. Version 3.19.1 contains a fix for the problem. There are…
- risk 0.00cvss 2.4epss 0.00
Nextcloud talk is a self hosting messaging service. In versions prior to 12.3.0 the Nextcloud Android Talk application did not properly detect the lockscreen state when a call was incoming. If an attacker got physical access to the locked phone, and the victim received a phone…
- risk 0.00cvss 4.3epss 0.01
The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. An issue in versions prior to 3.17.1 may lead to sensitive information disclosure. An unauthorized app that does not have the otherwise required `MANAGE_DOCUMENTS` permission may…
- risk 0.00cvss 7.5epss 0.02
The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. The Nextcloud Android app uses content providers to manage its data. Prior to version 3.18.1, the providers `FileContentProvider` and `DiskLruImageCacheFileProvider` have security…
- risk 0.00cvss 4.1epss 0.01
Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.15.1, a malicious application on the same device is possible to crash the Nextcloud Android Client due to an uncaught exception. The vulnerability is patched in version 3.15.1.
Page 1 of 2