CVE-2022-35932

MEDIUM Year: 2022
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-359
View all →

Vulnerability Description

Nextcloud Talk is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.7, 13.0.7, and 14.0.3, password protected conversations are susceptible to brute force attacks if the attacker has the link/conversation token. It is recommended that the Nextcloud Talk application is upgraded to 12.2.7, 13.0.7 or 14.0.3. There are currently no known workarounds available apart from not having password protected conversations.

Related Vulnerabilities

CVE-2017-16769

MEDIUM
CVSS:5.3(Medium)

Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mod...

CWE-3592017

CVE-2019-15623

MEDIUM
CVSS:5.3(Medium)

Exposure of Private Information in Nextcloud Server 16.0.1 causes the server to send it's domain and user IDs to the Nextcloud Lookup Server without any further data when the Lookup server is disabled...

CWE-3592019

CVE-2021-21823

MEDIUM
CVSS:5.3(Medium)

An information disclosure vulnerability exists in the Friend finder functionality of GmbH Komoot version 10.26.9 up to 11.1.11. A specially crafted series of network requests can lead to the disclosur...

CWE-3592021

CVE-2021-22876

MEDIUM
CVSS:5.3(Medium)

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip of...

CWE-3592021

CVE-2021-28559

MEDIUM
CVSS:5.3(Medium)

Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Information Exposure vulnerability. An unauthenticate...

CWE-3592021

CVE-2021-3980

MEDIUM
CVSS:5.3(Medium)

elgg is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor

CWE-3592021