4969 matches found
CVE-2020-8225
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials...
DEBIAN-CVE-2020-8225
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials...
CVE-2020-8225
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials...
Authentication flaw
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials...
UBUNTU-CVE-2020-8225
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials...
CVE-2020-8225
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials...
CVE-2020-8225
CVE-2020-8225 affects Nextcloud Desktop Client 2.6.4, where proxy parameters and authentication credentials are stored in plaintext. This plaintext storage constitutes the root cause and enables disclosure of used proxies and their credentials, impacting confidentiality. The published advisory NC...
CVE-2020-8225
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials...
PT-2020-20037 · Nextcloud +1 · Nextcloud Desktop Client +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop Client version 2.6.4 Description: The issue concerns a cleartext storage of sensitive information, which exposed details about used proxies and their authentication credentials. Recommendations: For Nextcloud Desktop Client...
GLSA-202009-09 : Nextcloud Desktop Sync client: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202009-09 Nextcloud Desktop Sync client: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Nextcloud Desktop Sync client. Please review the CVE identifiers referenced below for details. Impact : Please revi...
Nextcloud Desktop Sync client: Multiple vulnerabilities
Background Nextcloud Desktop Sync client can synchronize one or more directories to Nextcloud server. Description Multiple vulnerabilities have been discovered in Nextcloud Desktop Sync client. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
Cross-Site Scripting in nextcloud-vue-collections
Versions of nextcloud-vue-collections prior to 0.4.2 are vulnerable to Cross-Site Scripting XSS. The v-tooltip component has an insecure defaultHTML configuration that allows arbitrary JavaScript to be injected in the tooltip of a collection item. This allows attackers to execute arbitrary code i...
GHSA-WHV6-RJ84-2VH2 Cross-Site Scripting in nextcloud-vue-collections
Versions of nextcloud-vue-collections prior to 0.4.2 are vulnerable to Cross-Site Scripting XSS. The v-tooltip component has an insecure defaultHTML configuration that allows arbitrary JavaScript to be injected in the tooltip of a collection item. This allows attackers to execute arbitrary code i...
Nextcloud: Stored XSS in collabora via user name
Affected: collabora and nextcloud Ubuntu 18.04.5 LTS Nextcloud 19.0.1 snap version collabora CODE The name of the user is displayed when him joins to edit the document allowing the attacker trigger xss. Impact Set the name of the attacker account to Create a new document → share the document with...
Message Authentication Codes calculated by the Default Encryption Module allow an attacker to silently overwrite blocks in a file (NC-SA-2020-038)
A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file...
Downgrade encryption scheme and break integrity through known-plaintext attack (NC-SA-2020-039)
A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption scheme and break the integrity of encrypted files...
PIN for passwordless WebAuthn is asked for but not verified (NC-SA-2020-037)
A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless WebAuthn is also a two factor verification by asking for the PIN of the passwordless WebAuthn but not verifying it...
Nextcloud Desktop Client Cross-Site Scripting Vulnerability
Nextcloud is a suite of client-server software for creating file hosting services and using them.Nextcloud Desktop Client is the Nextcloud desktop client. A cross-site scripting vulnerability exists in Nextcloud Desktop Client 2.6.4. An attacker can exploit this vulnerability via an invalid serve...
CVE-2020-8227
Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory...
CVE-2020-8189
A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html including local links when responding with invalid data on the login attempt...