CVE-2021-41181

LOW Year: 2021
CVSS v3 Score
2.4
Low
CVSS v2 Score
2.1
Low
Weakness Type
CWE-200
View all →

Vulnerability Description

Nextcloud talk is a self hosting messaging service. In versions prior to 12.3.0 the Nextcloud Android Talk application did not properly detect the lockscreen state when a call was incoming. If an attacker got physical access to the locked phone, and the victim received a phone call the attacker could gain access to the chat messages and files of the user. It is recommended that the Nextcloud Android Talk App is upgraded to 12.3.0. There are no known workarounds.

Related Vulnerabilities

CVE-2011-2343

LOW
CVSS:2.4(Low)

The Bluetooth stack in Android before 2.3.6 allows a physically proximate attacker to obtain contact information via an AT phonebook transfer.

CWE-2002011

CVE-2016-1000002

LOW
CVSS:2.4(Low)

gdm3 3.14.2 and possibly later has an information leak before screen lock

CWE-2002016

CVE-2016-11027

LOW
CVSS:2.4(Low)

An issue was discovered on Samsung mobile devices with M(6.0) software. In the Shade Locked state, a physically proximate attacker can read notifications on the lock screen. The Samsung ID is SVE-2016...

CWE-2002016

CVE-2016-1852

LOW
CVSS:2.4(Low)

Siri in Apple iOS before 9.3.2 does not block data detectors within results in the lock-screen state, which allows physically proximate attackers to obtain sensitive contact and photo information via ...

CWE-2002016

CVE-2016-3291

LOW
CVSS:2.4(Low)

Microsoft Internet Explorer 11 and Microsoft Edge mishandle cross-origin requests, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Informat...

CWE-2002016

CVE-2016-3562

LOW
CVSS:2.4(Low)

Unspecified vulnerability in the RDBMS Security and SQL*Plus components in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote administrators to affect confidentiality via vectors related to DB...

CWE-2002016