Lucene search
+L

202 matches found

CNNVD
CNNVD
added 2021/06/11 12:0 a.m.6 views

Nextcloud 信任管理问题漏洞

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud, which stems from the vulnerability of the Nextcloud desktop client prior to 3.3.1 to incorrect certificate...

5.9CVSS5.6AI score0.01031EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2021/05/18 12:0 a.m.36 views

openSUSE Security Update : nextcloud-desktop (openSUSE-2021-577)

This update for nextcloud-desktop fixes the following issues : nextcloud-desktop was updated to 3.1.3 : - desktop2884 stable-3.1 Add support for Hirsute - desktop2920 stable-3.1 Validate sensitive URLs to onle allow https schemes. - desktop2926 stable-3.1 Validate the providers ssl certificate -...

8.8CVSS8.3AI score0.04698EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2021/04/21 12:0 a.m.22 views

openSUSE: Security Advisory for nextcloud-desktop (openSUSE-SU-2021:0577-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8CVSS8.8AI score0.04698EPSS
Exploits1References2
OSV
OSV
added 2021/04/19 12:8 p.m.4 views

OPENSUSE-SU-2021:0577-1 Security update for nextcloud-desktop

This update for nextcloud-desktop fixes the following issues: nextcloud-desktop was updated to 3.1.3: - desktop2884 stable-3.1 Add support for Hirsute - desktop2920 stable-3.1 Validate sensitive URLs to onle allow https schemes. - desktop2926 stable-3.1 Validate the providers ssl certificate -...

8.8CVSS8.8AI score0.04698EPSS
Exploits1References3
OPENSUSE Linux
OPENSUSE Linux
added 2021/04/19 12:0 a.m.39 views

Security update for nextcloud-desktop (important)

openSUSE Security Update: Security update for nextcloud-desktop Announcement ID: openSUSE-SU-2021:0577-1 Rating: important References: 1184770 Cross-References: CVE-2021-22879 CVSS scores: CVE-2021-22879 SUSE: 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: openSUSE Leap 15.2 ...

6.3CVSS8.8AI score0.04698EPSS
Exploits1References1
OSV
OSV
added 2021/04/14 1:15 p.m.3 views

DEBIAN-CVE-2021-22879

Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation...

8.8CVSS8.4AI score0.04698EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2021/04/14 1:15 p.m.37 views

CVE-2021-22879

Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation...

8.8CVSS7.4AI score0.04698EPSS
Exploits1References4
OSV
OSV
added 2021/04/14 1:15 p.m.5 views

UBUNTU-CVE-2021-22879

Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation...

8.8CVSS7.5AI score0.04698EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2021/04/14 12:0 a.m.2 views

PT-2021-15251 · Nextcloud +2 · Nextcloud Desktop Client +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop Client versions prior to 3.1.3 Description: The issue is related to resource injection due to missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation...

8.8CVSS6.4AI score0.04698EPSS
Exploits10References43
CNNVD
CNNVD
added 2021/04/13 12:0 a.m.18 views

Nextcloud 注入漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in the Nextcloud Desktop client, which stems from insufficient validation of input provided to a user passed through a URL....

8.8CVSS8.1AI score0.04698EPSS
Exploits1References10
Nextcloud
Nextcloud
added 2021/02/24 12:0 a.m.41 views

Missing URL validation allowed RCE for the server on the Desktop client (NC-SA-2021-008)

Missing validation of URLs in Nextcloud Desktop Client 3.1.2 and earlier allowed a malicious server to execute code on the client. User interaction was required...

6.8CVSS2.8AI score0.04698EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2020/09/21 12:0 a.m.3 views

Nextcloud Desktop Client Sensitive Information Plaintext Storage Vulnerability

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication applications from Nextcloud Germany.Nextcloud Desktop Client is a desktop client application for Nextcloud. A vulnerability exists in Nextcloud Desktop Client version 2.6.4 in which sensitive informati...

7.5CVSS6.7AI score0.0091EPSS
Exploits0References1
OSV
OSV
added 2020/09/18 9:15 p.m.5 views

DEBIAN-CVE-2020-8225

A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials...

7.5CVSS7.3AI score0.0091EPSS
Exploits0References1
OSV
OSV
added 2020/09/18 9:15 p.m.26 views

UBUNTU-CVE-2020-8225

A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials...

7.5CVSS5.8AI score0.0091EPSS
Exploits0References4
CVE
CVE
added 2020/09/18 8:11 p.m.64 views

CVE-2020-8225

CVE-2020-8225 affects Nextcloud Desktop Client 2.6.4, where proxy parameters and authentication credentials are stored in plaintext. This plaintext storage constitutes the root cause and enables disclosure of used proxies and their credentials, impacting confidentiality. The published advisory NC...

7.5CVSS7.4AI score0.0091EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2020/09/14 12:0 a.m.8 views

PT-2020-20037 · Nextcloud +1 · Nextcloud Desktop Client +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop Client version 2.6.4 Description: The issue concerns a cleartext storage of sensitive information, which exposed details about used proxies and their authentication credentials. Recommendations: For Nextcloud Desktop Client...

7.8CVSS5.5AI score0.01401EPSS
Exploits3References18
Tenable Nessus
Tenable Nessus
added 2020/09/14 12:0 a.m.33 views

GLSA-202009-09 : Nextcloud Desktop Sync client: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202009-09 Nextcloud Desktop Sync client: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Nextcloud Desktop Sync client. Please review the CVE identifiers referenced below for details. Impact : Please revi...

7.8CVSS6.3AI score0.2245EPSS
Exploits3References4
CNVD
CNVD
added 2020/08/24 12:0 a.m.61 views

Nextcloud Desktop Client Cross-Site Scripting Vulnerability

Nextcloud is a suite of client-server software for creating file hosting services and using them.Nextcloud Desktop Client is the Nextcloud desktop client. A cross-site scripting vulnerability exists in Nextcloud Desktop Client 2.6.4. An attacker can exploit this vulnerability via an invalid serve...

5.4CVSS6.3AI score0.01401EPSS
Exploits1References1
OSV
OSV
added 2020/08/21 9:15 p.m.5 views

DEBIAN-CVE-2020-8227

Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory...

6.8CVSS6.5AI score0.2245EPSS
Exploits1References1
OSV
OSV
added 2020/08/21 9:15 p.m.2 views

DEBIAN-CVE-2020-8189

A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html including local links when responding with invalid data on the login attempt...

5.4CVSS5.2AI score0.01401EPSS
Exploits1References1
Rows per page
Query Builder