CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-8229
https://notcve.org/view.php?id=CVE-2020-8229
10 Aug 2020 — A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system. Una pérdida de memoria en la biblioteca OCUtil.dll usada por Nextcloud Desktop Client versión 2.6.4, puede conllevar una DoS en el sistema host • https://hackerone.com/reports/588562 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 1CVE-2020-8140
https://notcve.org/view.php?id=CVE-2020-8140
20 Mar 2020 — A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment. Una inyección de código en Nextcloud Desktop Client versión 2.6.2 para macOS, permite cargar código arbitrario cuando se inicia el cliente con DYLD_INSERT_LIBRARIES establecido en el entorno. • https://hackerone.com/reports/633266 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1000492
https://notcve.org/view.php?id=CVE-2017-1000492
03 Jan 2018 — Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration Leanote-desktop v2.5 es vulnerable to XSS, que conduce a la ejecución de código debido a la integración de nodos habilitada. • https://github.com/leanote/desktop-app/commit/a2ed226637f8e66c9b089784b5e58eccf2e2fb30 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6021
https://notcve.org/view.php?id=CVE-2015-6021
10 Apr 2017 — Spiceworks Desktop before 2015-12-01 has XSS via an SNMP response. Spiceworks Desktop en versiones anteriores a 01-12-2015 tiene un XSS a través de una respuesta SNMP. • https://community.rapid7.com/community/infosec/blog/2015/12/16/multiple-disclosures-for-multiple-network-management-systems • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 37EXPL: 0CVE-2014-2544
https://notcve.org/view.php?id=CVE-2014-2544
09 Apr 2014 — Unspecified vulnerability in Spotfire Web Player Engine, Spotfire Desktop, and Spotfire Server Authentication Module in TIBCO Spotfire Server 3.3.x before 3.3.4, 4.5.x before 4.5.1, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.2; Spotfire Professional 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Web Player 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Automation Se... • http://www.tibco.com/mk/advisory.jsp •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2009-0681
https://notcve.org/view.php?id=CVE-2009-0681
15 Apr 2009 — PGP Desktop before 9.10 allows local users to (1) cause a denial of service (crash) via a crafted IOCTL request to pgpdisk.sys, and (2) cause a denial of service (crash) and execute arbitrary code via a crafted IRP in an IOCTL request to pgpwded.sys. PGP Desktop anterior a v9.10 permite a usuarios locales (1) provocar una denegación de servicio (caída) a través de peticiones IOCTL manipuladas en pgpdisk.sys, y (2) provocar una denegación de servicio (caída) y ejecutar código de su elección a través de una p... • http://en.securitylab.ru/lab/PT-2009-01 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 2CVE-2005-4151
https://notcve.org/view.php?id=CVE-2005-4151
10 Dec 2005 — The Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop Professional 9.0.3 Build 2932 and earlier does not clear file slack space in the last cluster for the file, which allows local users to access the previous contents of the disk. • http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0349.html •