Lucene search
K

202 matches found

Positive Technologies
Positive Technologies
added 2023/04/04 12:0 a.m.4 views

PT-2023-22073 · Nextcloud +2 · Nextcloud Desktop Client +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop Client versions 3.0.0 through 3.6.4 Description: The issue allows a malicious server administrator to recover and modify the contents of end-to-end encrypted files. This is a significant concern for users who rely on the...

8.8CVSS5.9AI score0.04698EPSS
Exploits10References37
SUSE CVE
SUSE CVE
added 2023/02/15 4:1 a.m.2 views

SUSE CVE-2020-8189

A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html including local links when responding with invalid data on the login attempt...

5.4CVSS5AI score0.01401EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:1 a.m.2 views

SUSE CVE-2020-8225

A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials...

7.5CVSS7.6AI score0.0091EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:1 a.m.3 views

SUSE CVE-2020-8224

A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory...

7.8CVSS7.8AI score0.00659EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:45 a.m.5 views

SUSE CVE-2021-22879

Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation...

6.3CVSS9.1AI score0.04698EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:45 a.m.2 views

SUSE CVE-2021-22895

Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow...

5.9CVSS5.8AI score0.01031EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:40 a.m.3 views

SUSE CVE-2021-32728

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.3.0, the Nextcloud Desktop client fails to check if a privat...

6.5CVSS6.2AI score0.00851EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:23 a.m.3 views

SUSE CVE-2022-39332

Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for...

5.4CVSS5.5AI score0.00884EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:23 a.m.6 views

SUSE CVE-2022-39333

Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue...

6.1CVSS6.2AI score0.00882EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:23 a.m.5 views

SUSE CVE-2022-39331

Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue...

5.4CVSS5.5AI score0.00864EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:21 a.m.5 views

SUSE CVE-2023-23942

The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...

5.4CVSS6.1AI score0.00657EPSS
Exploits0References5
NVD
NVD
added 2023/02/06 9:15 p.m.33 views

CVE-2023-23942

The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...

6.1CVSS6AI score0.00657EPSS
Exploits0References3
OSV
OSV
added 2023/02/06 9:15 p.m.3 views

DEBIAN-CVE-2023-23942

The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...

6.1CVSS6.1AI score0.00657EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2023/02/06 9:15 p.m.35 views

CVE-2023-23942

The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...

6.1CVSS6.3AI score0.00657EPSS
Exploits0References4
OSV
OSV
added 2023/02/06 9:15 p.m.7 views

UBUNTU-CVE-2023-23942

The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...

6.1CVSS5.8AI score0.00657EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/02/06 8:23 p.m.10 views

CVE-2023-23942 Self reflected HTML injection in Desktop client

The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...

5.4CVSS6.3AI score0.00657EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2023/02/06 8:23 p.m.24 views

CVE-2023-23942

The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...

6.1CVSS6.4AI score0.00657EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2023/02/06 8:23 p.m.47 views

CVE-2023-23942

The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...

6.1CVSS6AI score0.00657EPSS
Exploits0
CNNVD
CNNVD
added 2023/02/06 12:0 a.m.7 views

Nextcloud 跨站脚本漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A cross-site scripting vulnerability exists in Nextcloud Desktop Client versions prior to 3.6.3, which stems from a lack of cleanup of qml tags, leading to...

6.1CVSS5.8AI score0.00657EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/02/06 12:0 a.m.4 views

PT-2023-19313 · Nextcloud +2 · Nextcloud Desktop Client +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop Client versions prior to 3.6.3 Description: The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. It is missing sanitisation on qml labels used for basic HTML elements such a...

8.8CVSS6AI score0.04698EPSS
Exploits10References53
Rows per page
Query Builder