Nextcloud: >> Desktop >> 1.6.1 Security Vulnerabilities
A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt.
CVSS Score
5.4
EPSS Score
0.03
Published
2020-08-21
Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory.
CVSS Score
6.8
EPSS Score
0.225
Published
2020-08-21
A memory corruption vulnerability exists in NextCloud Desktop Client v2.6.4 where missing ASLR and DEP protections in for windows allowed to corrupt memory.
CVSS Score
5.5
EPSS Score
0.002
Published
2020-08-17
A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory.
CVSS Score
7.8
EPSS Score
0.003
Published
2020-08-10
A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system.
CVSS Score
5.5
EPSS Score
0.003
Published
2020-08-10
A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment.
CVSS Score
6.7
EPSS Score
0.004
Published
2020-03-20
Page 2