Nextcloud: Security Vulnerabilities
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials.
CVSS Score
7.5
EPSS Score
0.013
Published
2020-09-18
A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt.
CVSS Score
5.4
EPSS Score
0.026
Published
2020-08-21
Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory.
CVSS Score
6.8
EPSS Score
0.201
Published
2020-08-21
A memory corruption vulnerability exists in NextCloud Desktop Client v2.6.4 where missing ASLR and DEP protections in for windows allowed to corrupt memory.
CVSS Score
5.5
EPSS Score
0.002
Published
2020-08-17
A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory.
CVSS Score
7.8
EPSS Score
0.003
Published
2020-08-10
A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system.
CVSS Score
5.5
EPSS Score
0.003
Published
2020-08-10
Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 allowed to perform a denial of service attack when using a very long password.
CVSS Score
5.3
EPSS Score
0.004
Published
2020-07-30
A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-07-10
Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users decks.
CVSS Score
4.1
EPSS Score
0.001
Published
2020-07-02
A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a code injection when a not correctly sanitized talk command was added by an administrator.
CVSS Score
9.9
EPSS Score
0.007
Published
2020-06-08