Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Desktop
(Nextcloud)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 24 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-09-16 | CVE-2024-46958 | In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. This is fixed in 3.13.4. | Desktop | 9.1 | ||
| 2020-03-20 | CVE-2020-8140 | A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment. | Desktop | 6.7 | ||
| 2020-08-10 | CVE-2020-8224 | A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory. | Desktop | 7.8 | ||
| 2020-08-10 | CVE-2020-8229 | A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system. | Desktop | 5.5 | ||
| 2020-08-17 | CVE-2020-8230 | A memory corruption vulnerability exists in NextCloud Desktop Client v2.6.4 where missing ASLR and DEP protections in for windows allowed to corrupt memory. | Desktop | 5.5 | ||
| 2020-08-21 | CVE-2020-8189 | A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt. | Desktop | 5.4 | ||
| 2020-08-21 | CVE-2020-8227 | Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory. | Desktop | 6.8 | ||
| 2020-09-18 | CVE-2020-8225 | A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials. | Desktop | 7.5 | ||
| 2021-04-14 | CVE-2021-22879 | Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation. | Fedora, Desktop | 8.8 | ||
| 2021-06-11 | CVE-2021-22895 | Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow. | Debian_linux, Desktop | 5.9 |