Nextcloud: Security Vulnerabilities
Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory.
CVSS Score
6.8
EPSS Score
0.009
Published
2020-08-21
A memory corruption vulnerability exists in NextCloud Desktop Client v2.6.4 where missing ASLR and DEP protections in for windows allowed to corrupt memory.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-08-17
A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory.
CVSS Score
7.8
EPSS Score
0.002
Published
2020-08-10
A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-08-10
Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 allowed to perform a denial of service attack when using a very long password.
CVSS Score
5.3
EPSS Score
0.004
Published
2020-07-30
A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-07-10
Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users decks.
CVSS Score
4.1
EPSS Score
0.001
Published
2020-07-02
A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a code injection when a not correctly sanitized talk command was added by an administrator.
CVSS Score
9.9
EPSS Score
0.007
Published
2020-06-08
An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint.
CVSS Score
7.7
EPSS Score
0.01
Published
2020-05-12
An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF.
CVSS Score
5.4
EPSS Score
0.006
Published
2020-05-12