Nextcloud: Security Vulnerabilities
A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt.
CVSS Score
5.4
EPSS Score
0.007
Published
2020-08-21
Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory.
CVSS Score
6.8
EPSS Score
0.036
Published
2020-08-21
A memory corruption vulnerability exists in NextCloud Desktop Client v2.6.4 where missing ASLR and DEP protections in for windows allowed to corrupt memory.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-08-17
A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory.
CVSS Score
7.8
EPSS Score
0.002
Published
2020-08-10
A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system.
CVSS Score
5.5
EPSS Score
0.0
Published
2020-08-10
Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 allowed to perform a denial of service attack when using a very long password.
CVSS Score
5.3
EPSS Score
0.003
Published
2020-07-30
A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-07-10
Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users decks.
CVSS Score
4.1
EPSS Score
0.002
Published
2020-07-02
A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a code injection when a not correctly sanitized talk command was added by an administrator.
CVSS Score
9.9
EPSS Score
0.008
Published
2020-06-08
An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint.
CVSS Score
7.7
EPSS Score
0.008
Published
2020-05-12