CVE-2022-24886

LOW Year: 2022
CVSS v3 Score
3.8
Low
CVSS v2 Score
2.1
Low
Weakness Type
CWE-200
View all →

Vulnerability Description

Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any application with notification permission can access contacts if Nextcloud has access to Contacts without applying for the Contacts permission itself. Version 3.19.0 contains a fix for this issue. There are currently no known workarounds.

Related Vulnerabilities

CVE-2016-3158

LOW
CVSS:3.8(Low)

The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive r...

CWE-2002016

CVE-2016-3159

LOW
CVSS:3.8(Low)

The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitiv...

CWE-2002016

CVE-2017-7995

LOW
CVSS:3.8(Low)

Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the...

CWE-2002017

CVE-2018-15532

LOW
CVSS:3.8(Low)

SynTP.sys in Synaptics Touchpad drivers before 2018-06-06 allows local users to obtain sensitive information about freed kernel addresses.

CWE-2002018

CVE-2019-3868

LOW
CVSS:3.8(Low)

Keycloak up to version 6.0.0 allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC. As a result an attacker with access to service provider ...

CWE-2002019

CVE-2020-13523

LOW
CVSS:3.8(Low)

An exploitable information disclosure vulnerability exists in SoftPerfect’s RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive informatio...

CWE-2002020