Filtered by vendor Nextcloud
Subscriptions
Filtered by product Desktop
Subscriptions
Total
26 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8227 | 2 Linux, Nextcloud | 2 Linux Kernel, Desktop | 2024-11-21 | 6.8 Medium |
| Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory. | ||||
| CVE-2020-8225 | 1 Nextcloud | 1 Desktop | 2024-11-21 | 7.5 High |
| A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials. | ||||
| CVE-2020-8224 | 1 Nextcloud | 1 Desktop | 2024-11-21 | 7.8 High |
| A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory. | ||||
| CVE-2020-8189 | 1 Nextcloud | 1 Desktop | 2024-11-21 | 5.4 Medium |
| A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt. | ||||
| CVE-2020-8140 | 2 Apple, Nextcloud | 2 Macos, Desktop | 2024-11-21 | 6.7 Medium |
| A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment. | ||||
| CVE-2024-52510 | 1 Nextcloud | 1 Desktop | 2024-11-18 | 4.2 Medium |
| The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. The Desktop client did not stop with an error but allowed by-passing the signature validation, if a manipulated server sends an empty initial signature. It is recommended that the Nextcloud Desktop client is upgraded to 3.14.2 or later. | ||||