Wester0X01

#13857of 53,630
19.4Total CVSS
Vulnerabilities · 3
Medium
1
High
2
PT-2021-19862
4.3
2021-06-17
Nextcloud · Nextcloud Android App · CVE-2021-32695
**Name of the Vulnerable Software and Affected Versions** Nextcloud Android app versions prior to 3.16.1 **Description** The Nextcloud Android app is vulnerable to an issue where a malicious app on the same device could access the shared preferences of the Nextcloud Android application. This requires user-interaction, as the victim must initiate the sharing flow and choose the malicious app. The shared preferences contain limited private data, such as push tokens and the account name. **Recommendations** For versions prior to 3.16.1, update to version 3.16.1 to resolve the issue. As a temporary workaround, consider restricting the sharing flow to trusted apps until the update is applied.
PT-2021-2108
7.8
2021-01-21
Google · Google Chrome · CVE-2021-21134
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 88.0.4324.96 Description: The issue is related to the Page Info component in Google Chrome, where an incorrect security UI allows a remote attacker to conduct spoofing attacks via a crafted HTML page. This can lead to security UI spoofing, potentially deceiving users about the security of a webpage. Recommendations: For versions prior to 88.0.4324.96, update to version 88.0.4324.96 or later to resolve the issue. As a temporary workaround, consider restricting access to the Page Info feature until the update is applied.
PT-2021-2109
7.3
2021-01-19
Google · Google Chrome · CVE-2021-21133
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 88.0.4324.96 Description: The issue is related to insufficient policy enforcement in the Downloads component of Google Chrome, allowing an attacker to bypass navigation restrictions. This can be achieved by convincing a user to download files and using a crafted HTML page. The vulnerability is related to incorrect restriction of visualized user interface layers, which can be exploited by a remote attacker to bypass existing security restrictions. Recommendations: For Google Chrome versions prior to 88.0.4324.96, update to version 88.0.4324.96 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Downloads component until a patch is available. Avoid using crafted HTML pages that could exploit this issue.