How severe is CVE-2021-32655?

This vulnerability has a severity rating of LOW with a CVSS score of 3.5 out of 10.

What type of vulnerability is CVE-2021-32655?

This is classified as CWE-241, which is a common weakness in software security.

CVE-2021-32655 - LOW Severity | CVSS 3.5

Vulnerability Description

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to convert a Files Drop link to a federated share. This causes an issue on the UI side of the sharing user. When the sharing user opens the sharing panel and tries to remove the "Create" privileges of this unexpected share, Nextcloud server would silently grant the share read privileges. The vulnerability is patched in versions 19.0.11, 20.0.10 and 21.0.2. No workarounds are known to exist.

Related Vulnerabilities

CVE-2024-32268

LOW

CVSS:3.3(Low)

An issue in Tuya Smart camera U6N v.3.2.5 allows a remote attacker to cause a denial of service via a crafted packet to the network connection component.

CWE-2412024

CVE-2024-37316

MEDIUM

CVSS:4.6(Medium)

Nextcloud Calendar is a calendar app for Nextcloud. Authenticated users could create an event with manipulated attachment data leading to a bad redirect for participants when clicked. It is recommende...

CWE-2412024

CVE-2021-0243

MEDIUM

CVSS:4.7(Medium)

Improper Handling of Unexpected Data in the firewall policer of Juniper Networks Junos OS on EX4300 switches allows matching traffic to exceed set policer limits, possibly leading to a limited Denial ...

CWE-2412021

CVE-2023-28961

MEDIUM

CVSS:5.3(Medium)

An Improper Handling of Unexpected Data Type vulnerability in IPv6 firewall filter processing of Juniper Networks Junos OS on the ACX Series devices will prevent a firewall filter with the term 'from ...

CWE-2412023

CVE-2024-9423

MEDIUM

CVSS:5.3(Medium)

Certain HP LaserJet printers may potentially experience a denial of service when a user sends a raw JPEG file to the printer. The printer displays a “JPEG Unsupported” message which may not clear, pot...

CWE-2412024

CVE-2022-29181

HIGH

CVSS:8.2(High)

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted input...

CWE-2412022