Ios App
by OwnCloud
Source repositories
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-3615 | 0.00 | — | 0.00 | Jul 17, 2023 | Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection allowing a network attacker to intercept the WebSockets connection. | |||
| CVE-2019-15614 | 0.00 | — | 0.01 | Feb 4, 2020 | Missing sanitization in the iOS App 2.24.4 causes an XSS when opening malicious HTML files. | |||
| CVE-2019-15611 | 0.00 | — | 0.01 | Feb 4, 2020 | Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications. | |||
| CVE-2015-5955 | 0.00 | — | 0.01 | Oct 29, 2015 | ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by reading authentication headers. |
- CVE-2023-3615Jul 17, 2023risk 0.00cvss —epss 0.00
Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection allowing a network attacker to intercept the WebSockets connection.
- CVE-2019-15614Feb 4, 2020risk 0.00cvss —epss 0.01
Missing sanitization in the iOS App 2.24.4 causes an XSS when opening malicious HTML files.
- CVE-2019-15611Feb 4, 2020risk 0.00cvss —epss 0.01
Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications.
- CVE-2015-5955Oct 29, 2015risk 0.00cvss —epss 0.01
ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by reading authentication headers.