Desktop Security Vulnerabilities and Issues — Desktop CVE List

Lucene search

NextcloudDesktop

8 matches found

CVE•added 2020/03/20 9:15 p.m.•119 views

CVE-2020-8140

A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment.

6.7CVSS6.6AI score0.00365EPSS

CVE•added 2023/04/04 1:15 p.m.•108 views

CVE-2023-28999

Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, reco...

6.9CVSS5.9AI score0.00242EPSS

CVE•added 2021/08/18 4:15 p.m.•86 views

CVE-2021-32728

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.3.0, the Nextcloud Desktop client fails to check if a private ...

6.5CVSS6.1AI score0.0045EPSS

CVE•added 2023/02/06 9:15 p.m.•78 views

CVE-2023-23942

The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation m...

6.1CVSS5.9AI score0.00679EPSS

CVE•added 2022/11/25 8:15 p.m.•70 views

CVE-2022-39333

Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue.

6.1CVSS5.3AI score0.00217EPSS

CVE•added 2023/04/04 1:15 p.m.•66 views

CVE-2023-28998

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure, and add new files...

6.7CVSS6.2AI score0.00536EPSS

CVE•added 2023/04/04 1:15 p.m.•54 views

CVE-2023-28997

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can recover and modify the contents of end-to-end encrypted files. Users should upgrade the Nextcloud Desktop client to 3.6.5 t...

6.7CVSS6.3AI score0.00891EPSS

CVE•added 2023/04/04 1:15 p.m.•50 views

CVE-2023-29000

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.7.0, by trusting that the server will return a certificate that belongs to the keypair of the user, a malicious server could get the desktop client to encrypt files ...

6.5CVSS5.6AI score0.00477EPSS