Desktop@* Security Vulnerabilities and Issues — Desktop@* CVE List

Lucene search

NextcloudDesktop*

7 matches found

CVE•added 2020/03/20 9:15 p.m.•119 views

CVE-2020-8140

A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment.

6.7CVSS6.6AI score0.00365EPSS

CVE•added 2020/08/21 9:15 p.m.•67 views

CVE-2020-8189

A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt.

5.4CVSS5.2AI score0.02601EPSS

CVE•added 2020/08/21 9:15 p.m.•67 views

CVE-2020-8227

Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory.

7.1CVSS6.4AI score0.20057EPSS

CVE•added 2020/08/10 2:15 p.m.•45 views

CVE-2020-8224

A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory.

7.8CVSS7.6AI score0.00346EPSS

CVE•added 2020/09/18 9:15 p.m.•41 views

CVE-2020-8225

A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials.

7.5CVSS7.4AI score0.01303EPSS

CVE•added 2020/08/17 4:15 p.m.•41 views

CVE-2020-8230

A memory corruption vulnerability exists in NextCloud Desktop Client v2.6.4 where missing ASLR and DEP protections in for windows allowed to corrupt memory.

5.5CVSS5.5AI score0.00235EPSS

CVE•added 2020/08/10 2:15 p.m.•37 views

CVE-2020-8229

A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system.

5.5CVSS5.2AI score0.00258EPSS