11 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-41882
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file shar...
Cross-Site Request Forgery (CSRF)
nextcloud-client is vulnerable to Cross-Site Request Forgery (CSRF). A malicious attacker could make a user send a POST request with an arbitrary body if they click a malicious deep link on a Windows-based machine exploiting it to the vulnerability...
Missing Encryption Of Sensitive Data
nextcloud-client is vulnerable to Missing Encryption of Sensitive Data. The vulnerability is caused by a lack of authenticity of metadata keys, allowing a malicious server to gain access to E2EE folders, resulting in it being able to decrypt files, recover the folder structure and add new files...
SUSE CVE-2020-8230
A memory corruption vulnerability exists in Nextcloud Desktop Client v2.6.4 where missing ASLR and DEP protections for Windows allowed memory corruption...
DEBIAN-CVE-2021-22895
Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow...
Fedora: Security Advisory for nextcloud-client (FEDORA-2021-1ffffa0251)
The remote host is missing an update for the...
Nextcloud Desktop Sync client: Multiple vulnerabilities
Background: Nextcloud Desktop Sync client can synchronize one or more directories to Nextcloud server. Description: Multiple vulnerabilities have been discovered in Nextcloud Desktop Sync client. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE...
Directory traversal
Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory...
PT-2020-20036 · Openssl +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop Client version 2.6.4 Description: A code injection issue in the Nextcloud Desktop Client allowed the loading of arbitrary code when a malicious OpenSSL configuration was placed in a fixed directory. Recommendations: For...
Nextcloud: SSL certificate not validated when registering with a provider
Description: When running the desktop client for the first time, users can click the "Register with a provider" button to sign up for a Nextcloud account with a Nextcloud cloud provider. Clicking "Register..." opens a web page in a Nextcloud desktop client window with content from...
Improper check for access to application database (NC-SA-2018-015)
A too permissive check allowed an installed application that contained the Nextcloud client package name to obtain access to the database of the Nextcloud application. At time of disclosure there are no applications within the Google Play Store that fulfill this requirement...