Lucene search
K

202 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2023-28997

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server...

6.7CVSS6.4AI score0.01113EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/02/06 4:49 a.m.22 views

CVE-2021-37617

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. The Nextcloud Desktop Client invokes its uninstaller script when being installed to make sure there are no remnants of previous installations. In versions 3.0.3 through 3.2.4, the Client searches th...

7.3CVSS6.4AI score0.00474EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.6 views

PT-2025-49298

Name of the Vulnerable Software and Affected Versions Nextcloud Desktop versions prior to 3.16.5 Description Nextcloud Desktop is a desktop sync client for Nextcloud. Before version 3.16.5, the file path was transmitted unencrypted when attempting to manually lock a file within an end-to-end...

2.7CVSS6.4AI score0.00251EPSS
Exploits0References16
OSV
OSV
added 2024/11/15 6:15 p.m.5 views

DEBIAN-CVE-2024-52510

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. The Desktop client did not stop with an error but allowed by-passing the signature validation, if a manipulated server sends an empty initial signature. It is recommended that the Nextcloud Deskt...

7.5CVSS5.3AI score0.00728EPSS
Exploits0References1
CVE
CVE
added 2024/11/15 5:29 p.m.72 views

CVE-2024-52510

The CVE-2024-52510 issue affects the Nextcloud Desktop Client. A vulnerability exists where the client would bypass signature validation if the server sends an empty initial end-to-end signature, allowing potential integrity concerns without stopping at error. Affected software: Nextcloud Desktop...

7.5CVSS4.2AI score0.00728EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/11/15 5:29 p.m.17 views

CVE-2024-52510 Nextcloud Desktop client behaves incorrectly if the initial end-to-end-encryption signature is empty

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. The Desktop client did not stop with an error but allowed by-passing the signature validation, if a manipulated server sends an empty initial signature. It is recommended that the Nextcloud Deskt...

4.2CVSS6.5AI score0.00728EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/11/15 12:0 a.m.5 views

PT-2024-35349 · Nextcloud +1 · Nextcloud Desktop Client +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop Client versions prior to 3.14.2 Description: The issue concerns the Nextcloud Desktop Client, a tool used to synchronize files from Nextcloud Server with a computer. It was found that the Desktop client did not stop with an...

4.2CVSS4.8AI score0.00728EPSS
Exploits0References19
CNNVD
CNNVD
added 2024/11/15 12:0 a.m.6 views

Nextcloud Desktop Client 信任管理问题漏洞

Nextcloud Desktop Client is an open source file synchronization and sharing tool from Nextcloud GmbH. A trust management issue vulnerability exists in Nextcloud Desktop Client that stems from the fact that if a manipulated server sends an empty initial signature, the desktop client does not stop...

7.5CVSS6.4AI score0.00728EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2024/09/17 2:50 a.m.6 views

SUSE CVE-2024-46958

In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files between the server and client may become world writable or world readable. This is fixed in 3.13.4...

9.1CVSS7AI score0.00555EPSS
Exploits0References3
OSV
OSV
added 2024/09/16 2:15 a.m.2 views

DEBIAN-CVE-2024-46958

In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files between the server and client may become world writable or world readable. This is fixed in 3.13.4...

9.1CVSS5.3AI score0.00555EPSS
Exploits0References1
OSV
OSV
added 2024/09/16 2:15 a.m.1 views

UBUNTU-CVE-2024-46958

In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files between the server and client may become world writable or world readable. This is fixed in 3.13.4...

9.1CVSS5.8AI score0.00555EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/09/16 12:0 a.m.7 views

Nextcloud Desktop Client 安全漏洞

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany.Nextcloud Desktop Client is a desktop client application for Nextcloud. A security vulnerability exists in Nextcloud Desktop Client versions 3.13.1 through...

9.1CVSS6.5AI score0.00555EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2024/06/15 2:12 a.m.7 views

SUSE CVE-2024-37885

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when starting the client with DYLDINSERTLIBRARIES set in the enviroment. It is recommended that the Nextcloud...

7.8CVSS7.7AI score0.0032EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/06/14 4:15 p.m.23 views

CVE-2024-37885

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when starting the client with DYLDINSERTLIBRARIES set in the enviroment. It is recommended that the Nextcloud...

7.8CVSS7.2AI score0.0032EPSS
Exploits0References4
CVE
CVE
added 2024/06/14 3:42 p.m.68 views

CVE-2024-37885

CVE-2024-37885 concerns the Nextcloud Desktop Client for macOS. A code injection vulnerability allows loading arbitrary code when the client is launched with the environment variable DYLD_INSERT_LIBRARIES set, as reported for versions prior to 3.12.0. The issue stems from how the macOS client han...

7.8CVSS4.8AI score0.0032EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/06/14 3:42 p.m.14 views

CVE-2024-37885 Code injection in Nextcloud Desktop Client for macOS

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when starting the client with DYLDINSERTLIBRARIES set in the enviroment. It is recommended that the Nextcloud...

3.8CVSS7.6AI score0.0032EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2024/06/05 10:9 a.m.4 views

SUSE CVE-2023-28998

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure, and add new...

6.7CVSS6.4AI score0.00679EPSS
Exploits1References3
OPENSUSE Linux
OPENSUSE Linux
added 2023/07/10 12:0 a.m.5 views

Security update for nextcloud-desktop (important)

openSUSE Security Update: Security update for nextcloud-desktop Announcement ID: openSUSE-SU-2023:0171-1 Rating: important References: 1205798 1205799 1205800 1205801 1207976 Cross-References: CVE-2022-39331 CVE-2022-39332 CVE-2022-39333 CVE-2022-39334 CVE-2023-23942 CVSS scores: CVE-2022-39331 N...

6.1CVSS7.8AI score0.00884EPSS
Exploits4References5
OPENSUSE Linux
OPENSUSE Linux
added 2023/04/13 12:0 a.m.5 views

Security update for nextcloud-desktop (important)

openSUSE Security Update: Security update for nextcloud-desktop Announcement ID: openSUSE-SU-2023:0090-1 Rating: important References: 1201070 1205798 1205799 1205800 1205801 1207976 Cross-References: CVE-2022-39331 CVE-2022-39332 CVE-2022-39333 CVE-2022-39334 CVE-2023-23942 CVSS scores:...

6.1CVSS6.1AI score0.00884EPSS
Exploits4References6
SUSE CVE
SUSE CVE
added 2023/04/05 1:49 a.m.2 views

SUSE CVE-2023-28997

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can recover and modify the contents of end-to-end encrypted files. Users should upgrade the Nextcloud Desktop client to 3.6.5...

6.7CVSS6.8AI score0.01113EPSS
Exploits1References3
Rows per page
Query Builder