GCVE - cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:iphone_os:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:iphone_os:*:*

part: a version: * update: *

Vendor	Nextcloud (`e5ae4298-6932-564f-a40d-08cebea039a5`)
Product	Nextcloud (`558c2af4-b894-543f-898d-e530fd1e91d6`)
Edition	*
Language	*
Software edition	*
Target software	iphone_os
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-49790`	vulnerable	2026-06-03 14:53:26.438876	App PIN code can be bypassed in Nextcloud Files iOS MEDIUM (4.3) The Nextcloud iOS Files app allows users of iOS to interact with Nextcloud, a self-hosted productivity platform. Prior to version 4.9.2, the application can be used without providing the 4 digit PIN code. Nextcloud iOS Files app should be upgraded to 4.9.2 to receive the patch. No known workarounds are available. Published: 2023-12-22T16:19:28.440Z Updated: 2024-08-02T22:01:26.180Z Open on db.gcve.eu Reference links https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j8g7-88vv-rggv https://github.com/nextcloud/ios/pull/2665 https://hackerone.com/reports/2245437	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-28647`	vulnerable	2026-06-03 14:51:13.175927	App pin of the iOS app can be bypassed in Nextcloud iOS MEDIUM (4.4) Nextcloud iOS is an ios application used to interface with the nextcloud home cloud ecosystem. In versions prior to 4.7.0 when an attacker has physical access to an unlocked device, they may enable the integration into the iOS Files app and bypass the Nextcloud pin/password protection and gain access to a users files. It is recommended that the Nextcloud iOS app is upgraded to 4.7.0. There are no known workarounds for this vulnerability. Published: 2023-03-30T18:12:25.312Z Updated: 2025-02-11T18:57:19.268Z Open on db.gcve.eu Reference links https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wjgg-2v4p-2gq6 https://github.com/nextcloud/ios/pull/2344	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-22912`	vulnerable	2026-06-03 14:43:54.262827	Details available Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a global search has been explicitly chosen by the user. Published: 2021-06-11T15:49:37.000Z Updated: 2024-08-03T18:58:25.462Z Open on db.gcve.eu Reference links https://hackerone.com/reports/1167919 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m7w4-cvjr-76mh	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-15614`	vulnerable	2026-06-03 14:39:47.975804	Details available Missing sanitization in the iOS App 2.24.4 causes an XSS when opening malicious HTML files. Published: 2020-02-04T19:08:57.000Z Updated: 2024-08-05T00:56:20.821Z Open on db.gcve.eu Reference links https://hackerone.com/reports/575562 https://nextcloud.com/security/advisory/?id=NC-SA-2020-003	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-15611`	vulnerable	2026-06-03 14:39:47.971672	Details available Violation of Secure Design Principles in the iOS App 2.23.0 causes the app to leak its login and token to other Nextcloud services when search e.g. for federated users or registering for push notifications. Published: 2020-02-04T19:08:57.000Z Updated: 2024-08-05T00:56:20.928Z Open on db.gcve.eu Reference links https://hackerone.com/reports/672623 https://nextcloud.com/security/advisory/?id=NC-SA-2019-017	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.