CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-8224 – Gentoo Linux Security Advisory 202009-09
https://notcve.org/view.php?id=CVE-2020-8224
10 Aug 2020 — A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory. Una inyección de código en Nextcloud Desktop Client versión 2.6.4, permitió cargar código arbitrario cuando se coloca una configuración de OpenSSL maliciosa en un directorio fijo Multiple vulnerabilities have been found in Nextcloud Desktop Sync client, the worst of which may allow execution of arbitrary code. Versions less than 2.6.5 are affected. • https://hackerone.com/reports/622170 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-8229
https://notcve.org/view.php?id=CVE-2020-8229
10 Aug 2020 — A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system. Una pérdida de memoria en la biblioteca OCUtil.dll usada por Nextcloud Desktop Client versión 2.6.4, puede conllevar una DoS en el sistema host • https://hackerone.com/reports/588562 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 1CVE-2020-8140
https://notcve.org/view.php?id=CVE-2020-8140
20 Mar 2020 — A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment. Una inyección de código en Nextcloud Desktop Client versión 2.6.2 para macOS, permite cargar código arbitrario cuando se inicia el cliente con DYLD_INSERT_LIBRARIES establecido en el entorno. • https://hackerone.com/reports/633266 • CWE-94: Improper Control of Generation of Code ('Code Injection') •