| 197191 | 9.8 | CRITICAL Network | nextcloud fedoraproject | nextcloud_server fedora | Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in rate-limiting considerations. This could potentially result in an att… | CWE-307 Improper Restriction of Excessive Authentication Attempts | CVE-2021-22915 | 2024-11-21 14:50 | 2021-06-12 |
| 197192 | 6.5 | MEDIUM Network | nextcloud | deck | Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unles… | CWE-200 Information Exposure | CVE-2021-22913 | 2024-11-21 14:50 | 2021-06-12 |
| 197193 | 6.5 | MEDIUM Network | nextcloud | nextcloud | Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a g… | CWE-200 Information Exposure | CVE-2021-22912 | 2024-11-21 14:50 | 2021-06-12 |
| 197194 | 6.5 | MEDIUM Network | nextcloud | end-to-end_encryption | Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers from a denial of service vulnerability due to permitting any authenticated users to lock files of other users. | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2021-22906 | 2024-11-21 14:50 | 2021-06-12 |
| 197195 | 6.5 | MEDIUM Network | nextcloud | nextcloud | Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using t… | CWE-200 Information Exposure | CVE-2021-22905 | 2024-11-21 14:50 | 2021-06-12 |
| 197196 | 7.5 | HIGH Network | rubyonrails | rails | The actionpack ruby gem before 6.1.3.2, 6.0.3.7, 5.2.4.6, 5.2.6 suffers from a possible denial of service vulnerability in the Token Authentication logic in Action Controller due to a too permissive … | NVD-CWE-Other | CVE-2021-22904 | 2024-11-21 14:50 | 2021-06-12 |
| 197197 | 6.1 | MEDIUM Network | rubyonrails | rails | The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Author… | CWE-601 Open Redirect | CVE-2021-22903 | 2024-11-21 14:50 | 2021-06-12 |
| 197198 | 7.5 | HIGH Network | rubyonrails | rails | The actionpack ruby gem (a framework for handling and responding to web requests in Rails) before 6.0.3.7, 6.1.3.2 suffers from a possible denial of service vulnerability in the Mime type parser of A… | NVD-CWE-noinfo | CVE-2021-22902 | 2024-11-21 14:50 | 2021-06-12 |
| 197199 | 8.1 | HIGH Network | haxx oracle netapp siemens splunk | curl mysql_server essbase communications_cloud_native_core_network_slice_selection_function communications_cloud_native_core_network_repository_function communications_cloud_native_cor… | curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use… | CWE-416 Use After Free | CVE-2021-22901 | 2024-11-21 14:50 | 2021-06-12 |
| 197200 | 4.3 | MEDIUM Network | nextcloud | nextcloud | Nextcloud Mail before 1.9.5 suffers from improper access control due to a missing permission check allowing other authenticated users to create mail aliases for other users. | CWE-862 Missing Authorization | CVE-2021-22896 | 2024-11-21 14:50 | 2021-06-12 |