Nextcloud Desktop vulnerabilities

27 known vulnerabilities affecting nextcloud/desktop.

Total CVEs: 27
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 8, MEDIUM 17, LOW 1

Vulnerabilities

Page 2 of 2
CVE-2020-8225 | HIGH | CVSS 7.5 | fixed in 2.6.5 | 2020-09-18
CVE-2020-8225 [HIGH] CWE-312: A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials.
nvd
CVE-2020-8227 | MEDIUM | CVSS 6.8 | fixed in 2.6.5 | 2020-08-21
CVE-2020-8227 [MEDIUM] CWE-22: Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory.
nvd
CVE-2020-8189 | MEDIUM | CVSS 5.4 | fixed in 2.6.5 | 2020-08-21
CVE-2020-8189 [MEDIUM] CWE-79: A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt.
nvd
CVE-2020-8230 | MEDIUM | CVSS 5.5 | fixed in 2.6.5 | 2020-08-17
CVE-2020-8230 [MEDIUM] CWE-119: A memory corruption vulnerability exists in NextCloud Desktop Client v2.6.4 where missing ASLR and DEP protections for Windows allowed to corrupt memory.
nvd
CVE-2020-8224 | HIGH | CVSS 7.8 | fixed in 2.6.5 | 2020-08-10
CVE-2020-8224 [HIGH] CWE-94: A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory.
nvd
CVE-2020-8229 | MEDIUM | CVSS 5.5 | fixed in 2.6.5 | 2020-08-10
CVE-2020-8229 [MEDIUM] CWE-400: A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system.
nvd
CVE-2020-8140 | MEDIUM | CVSS 6.7 | fixed in 2.6.3 | 2020-03-20
CVE-2020-8140 [MEDIUM] CWE-94: A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment.
nvd