202 matches found
Nextcloud 信任管理问题漏洞
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud, which stems from the vulnerability of the Nextcloud desktop client prior to 3.3.1 to incorrect certificate...
openSUSE Security Update : nextcloud-desktop (openSUSE-2021-577)
This update for nextcloud-desktop fixes the following issues : nextcloud-desktop was updated to 3.1.3 : - desktop2884 stable-3.1 Add support for Hirsute - desktop2920 stable-3.1 Validate sensitive URLs to onle allow https schemes. - desktop2926 stable-3.1 Validate the providers ssl certificate -...
openSUSE: Security Advisory for nextcloud-desktop (openSUSE-SU-2021:0577-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2021:0577-1 Security update for nextcloud-desktop
This update for nextcloud-desktop fixes the following issues: nextcloud-desktop was updated to 3.1.3: - desktop2884 stable-3.1 Add support for Hirsute - desktop2920 stable-3.1 Validate sensitive URLs to onle allow https schemes. - desktop2926 stable-3.1 Validate the providers ssl certificate -...
Security update for nextcloud-desktop (important)
openSUSE Security Update: Security update for nextcloud-desktop Announcement ID: openSUSE-SU-2021:0577-1 Rating: important References: 1184770 Cross-References: CVE-2021-22879 CVSS scores: CVE-2021-22879 SUSE: 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: openSUSE Leap 15.2 ...
DEBIAN-CVE-2021-22879
Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation...
CVE-2021-22879
Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation...
UBUNTU-CVE-2021-22879
Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation...
PT-2021-15251 · Nextcloud +2 · Nextcloud Desktop Client +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop Client versions prior to 3.1.3 Description: The issue is related to resource injection due to missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation...
Nextcloud 注入漏洞
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in the Nextcloud Desktop client, which stems from insufficient validation of input provided to a user passed through a URL....
Missing URL validation allowed RCE for the server on the Desktop client (NC-SA-2021-008)
Missing validation of URLs in Nextcloud Desktop Client 3.1.2 and earlier allowed a malicious server to execute code on the client. User interaction was required...
Nextcloud Desktop Client Sensitive Information Plaintext Storage Vulnerability
Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication applications from Nextcloud Germany.Nextcloud Desktop Client is a desktop client application for Nextcloud. A vulnerability exists in Nextcloud Desktop Client version 2.6.4 in which sensitive informati...
DEBIAN-CVE-2020-8225
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials...
UBUNTU-CVE-2020-8225
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials...
CVE-2020-8225
CVE-2020-8225 affects Nextcloud Desktop Client 2.6.4, where proxy parameters and authentication credentials are stored in plaintext. This plaintext storage constitutes the root cause and enables disclosure of used proxies and their credentials, impacting confidentiality. The published advisory NC...
PT-2020-20037 · Nextcloud +1 · Nextcloud Desktop Client +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Desktop Client version 2.6.4 Description: The issue concerns a cleartext storage of sensitive information, which exposed details about used proxies and their authentication credentials. Recommendations: For Nextcloud Desktop Client...
GLSA-202009-09 : Nextcloud Desktop Sync client: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202009-09 Nextcloud Desktop Sync client: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Nextcloud Desktop Sync client. Please review the CVE identifiers referenced below for details. Impact : Please revi...
Nextcloud Desktop Client Cross-Site Scripting Vulnerability
Nextcloud is a suite of client-server software for creating file hosting services and using them.Nextcloud Desktop Client is the Nextcloud desktop client. A cross-site scripting vulnerability exists in Nextcloud Desktop Client 2.6.4. An attacker can exploit this vulnerability via an invalid serve...
DEBIAN-CVE-2020-8227
Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory...
DEBIAN-CVE-2020-8189
A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html including local links when responding with invalid data on the login attempt...