Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nextcloud mail vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-33184
Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3.
Nextcloud Nextcloud Mail
4
CVSSv2
CVE-2021-32707
Nextcloud Mail is a mail app for Nextcloud. In versions before 1.9.6, the Nextcloud Mail application does not, by default, render images in emails to not leak the read state. The privacy filter failed to filter images with a `background-image` CSS attribute. Note that the images ...
Nextcloud Nextcloud Mail
4
CVSSv2
CVE-2022-31131
Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail before 1.12.2 were found to be missing user account ownership checks when performing tasks related to mail attachments. Attachments may have been exposed to incorrect system users. It i...
Nextcloud Nextcloud Mail
4
CVSSv2
CVE-2021-32652
Nextcloud Mail is a mail app for the Nextcloud platform. A missing permission check in Nextcloud Mail prior to 1.4.3 and 1.8.2 allows another authenticated users to access mail metadata of other users. Versions 1.4.3 and 1.8.2 contain patches for this vulnerability; no workaround...
Nextcloud Nextcloud Mail
6.8
CVSSv2
CVE-2020-8156
A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack.
Nextcloud Nextcloud Mail
Fedoraproject Fedora 32
NA
CVE-2022-31119
Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions of Nextcloud mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs complete access to affected accounts would be obtai...
Nextcloud Mail
NA
CVE-2023-48307
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Starting in version 1.13.0 and prior to version 2.2.8 and 3.3.0, an attacker can use an unprotected endpoint in the Mail app to perform a SSRF attack. Nextcloud Mail app versions 2.2.8 and 3.3.0 co...
Nextcloud Mail
3.5
CVSSv2
CVE-2021-39220
Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images with a relative protocol...
Nextcloud Mail
NA
CVE-2022-31132
Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path `./vendor/cerdic/css-tidy/css_optimiser.php`. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery (SSRF...
Nextcloud Mail
NA
CVE-2023-25160
Nextcloud Mail is an email app for the Nextcloud home server platform. Prior to versions 2.2.1, 1.14.5, 1.12.9, and 1.11.8, an attacker can access the mail box by ID getting the subjects and the first characters of the emails. Users should upgrade to Mail 2.2.1 for Nextcloud 25, ...
Nextcloud Mail
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »