VYPR

Mail

by Nextcloud

Source repositories

CVEs (11)

  • CVE-2016-3896MedSep 11, 2016
    Nextcloud
    Mail
    risk 0.36cvss 5.5epss 0.00

    AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 allows attackers to obtain sensitive EmailAccountCacheProvider information via a crafted application, aka internal bug 29767043.

  • CVE-2024-52508Nov 15, 2024
    Nextcloud
    Mail
    risk 0.00cvss epss 0.00

    Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account with an email address like user@example.tld that does not support auto configuration, and an attacker managed to register autoconfig.tld, the used…

  • CVE-2023-33184May 27, 2023
    Nextcloud
    Mail
    risk 0.00cvss epss 0.00

    Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3.

  • CVE-2023-25160Feb 13, 2023
    Nextcloud
    Mail
    risk 0.00cvss epss 0.00

    Nextcloud Mail is an email app for the Nextcloud home server platform. Prior to versions 2.2.1, 1.14.5, 1.12.9, and 1.11.8, an attacker can access the mail box by ID getting the subjects and the first characters of the emails. Users should upgrade to Mail 2.2.1 for Nextcloud 25,…

  • CVE-2023-23943Feb 6, 2023
    Nextcloud
    Mail
    risk 0.00cvss epss 0.01

    Nextcloud mail is an email app for the nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed to scan for internal services and servers reachable from within the local network of the Nextcloud Server. It is recommended that the…

  • CVE-2023-23944Feb 6, 2023
    Nextcloud
    Mail
    risk 0.00cvss epss 0.00

    Nextcloud mail is an email app for the nextcloud home server platform. In versions prior to 2.2.2 user's passwords were stored in cleartext in the database during the duration of OAuth2 setup procedure. Any attacker or malicious user with access to the database would have access…

  • CVE-2022-31119Aug 4, 2022
    Nextcloud
    Mail
    risk 0.00cvss epss 0.00

    Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions of Nextcloud mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs complete access to affected accounts would be…

  • CVE-2022-31132Aug 4, 2022
    Nextcloud
    Mail
    risk 0.00cvss epss 0.00

    Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path `./vendor/cerdic/css-tidy/css_optimiser.php`. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery…

  • CVE-2022-31131Jul 6, 2022
    Nextcloud
    Mail
    risk 0.00cvss epss 0.00

    Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to mail attachments. Attachments may have been exposed to incorrect system users.…

  • CVE-2021-22896Jun 11, 2021
    Nextcloud
    Mail
    risk 0.00cvss epss 0.00

    Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated users to create mail aliases for other users.

  • CVE-2020-8156May 12, 2020
    Nextcloud
    Mail
    risk 0.00cvss epss 0.01

    A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack.