Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Desktop
(Nextcloud)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 24 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-08-17 | CVE-2020-8230 | A memory corruption vulnerability exists in NextCloud Desktop Client v2.6.4 where missing ASLR and DEP protections in for windows allowed to corrupt memory. | Desktop | 5.5 | ||
| 2020-08-21 | CVE-2020-8189 | A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt. | Desktop | 5.4 | ||
| 2020-08-21 | CVE-2020-8227 | Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory. | Desktop | 6.8 | ||
| 2021-06-11 | CVE-2021-22895 | Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow. | Debian_linux, Desktop | 5.9 |