cbcvebase.

Debian Nextcloud-Desktop vulnerabilities

26 known vulnerabilities affecting debian/nextcloud-desktop.

Total CVEs
26
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM15LOW9

Vulnerabilities

Page 2 of 2
CVE-2020-8189MEDIUMCVSS 5.4fixed in nextcloud-desktop 3.0.1-1 (bookworm)2020
CVE-2020-8189 [MEDIUM] CVE-2020-8189: nextcloud-desktop - A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to presen... A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt. Scope: local bookworm: resolved (fixed in 3.0.1-1) bullseye: resolved (fixed in 3.0.1-1) forky: resolved (fixed in 3.0.1-1) sid: resolved (fixed in 3.0.1-1) trixie: resolved (fixed in 3.0
debian
CVE-2020-8227MEDIUMCVSS 6.8fixed in nextcloud-desktop 3.0.1-1 (bookworm)2020
CVE-2020-8227 [MEDIUM] CVE-2020-8227: nextcloud-desktop - Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for ... Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory. Scope: local bookworm: resolved (fixed in 3.0.1-1) bullseye: resolved (fixed in 3.0.1-1) forky: resolved (fixed in 3.0.1-1) sid: resolved (fixed in 3.0.1-1) trixie: resolved (fixe
debian
CVE-2020-8229LOWCVSS 5.52020
CVE-2020-8229 [MEDIUM] CVE-2020-8229: nextcloud-desktop - A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 c... A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved
debian
CVE-2020-8224LOWCVSS 7.82020
CVE-2020-8224 [HIGH] CVE-2020-8224: nextcloud-desktop - A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary cod... A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved
debian
CVE-2020-8230LOWCVSS 5.52020
CVE-2020-8230 [MEDIUM] CVE-2020-8230: nextcloud-desktop - A memory corruption vulnerability exists in NextCloud Desktop Client v2.6.4 wher... A memory corruption vulnerability exists in NextCloud Desktop Client v2.6.4 where missing ASLR and DEP protections in for windows allowed to corrupt memory. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved
debian
CVE-2020-8140LOWCVSS 6.72020
CVE-2020-8140 [MEDIUM] CVE-2020-8140: nextcloud-desktop - A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arb... A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved
debian
← Previous2 / 2