CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 1CVE-2021-22895 – Debian Security Advisory 4974-1
https://notcve.org/view.php?id=CVE-2021-22895
11 Jun 2021 — Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow. Nextcloud Desktop Client versiones anteriores a 3.3.1, es vulnerable a una comprobación inapropiada de certificados debido a una falta de comprobación de certificados SSL cuando se usa el flujo "Register with a Provider" Two vulnerabilities were discovered in the Nextcloud desktop client, which could result in information disclosur... • https://github.com/nextcloud/desktop/pull/2926 • CWE-295: Improper Certificate Validation •
CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 1CVE-2021-22879 – Gentoo Linux Security Advisory 202105-37
https://notcve.org/view.php?id=CVE-2021-22879
14 Apr 2021 — Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation. Nextcloud Desktop Client versiones anteriores a 3.1.3, es vulnerable a una inyección de recursos debido a una falta de comprobación de las URL, permitiendo a un servidor malicioso ejecutar comandos remotos. Una interacción del usuario es necesaria para su explotación A vulnerability in Nextcloud ... • https://github.com/nextcloud/desktop/pull/2906 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8225
https://notcve.org/view.php?id=CVE-2020-8225
18 Sep 2020 — A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials. Un almacenamiento de texto sin cifrar de información confidencial en Nextcloud Desktop Client versión 2.6.4, proporcionó información sobre los proxies usados y sus credenciales de autenticación • https://hackerone.com/reports/685990 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-8189 – Gentoo Linux Security Advisory 202009-09
https://notcve.org/view.php?id=CVE-2020-8189
21 Aug 2020 — A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt. Un error de tipo cross-site scripting en el cliente de Nextcloud Desktop versión 2.6.4, permitió presentar cualquier html (incluyendo los enlaces locales) al responder con datos no válidos en el intento de inicio de sesión. Multiple vulnerabilities have been found in Nextcloud Desktop Sync client, the worst of which may allow execution of ... • https://hackerone.com/reports/685552 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 1%CPEs: 2EXPL: 2CVE-2020-8227 – Gentoo Linux Security Advisory 202009-09
https://notcve.org/view.php?id=CVE-2020-8227
21 Aug 2020 — Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory. Una falta de saneamiento de una respuesta del servidor en Nextcloud Desktop Client versión 2.6.4 para Linux permitió que un Servidor de Nextcloud malicioso almacenara archivos fuera del directorio de sincronización dedicado. Multiple vulnerabilities have been found in Nextcloud Desktop Sync client, the worst of which may allow exec... • https://hackerone.com/reports/590319 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8230
https://notcve.org/view.php?id=CVE-2020-8230
17 Aug 2020 — A memory corruption vulnerability exists in NextCloud Desktop Client v2.6.4 where missing ASLR and DEP protections in for windows allowed to corrupt memory. Se presenta una vulnerabilidad de corrupción de memoria en NextCloud Desktop Client versión v2.6.4, donde una falta de protecciones ASLR y DEP en Windows permitieron una corrupción de memoria. • https://hackerone.com/reports/380102 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-8224 – Gentoo Linux Security Advisory 202009-09
https://notcve.org/view.php?id=CVE-2020-8224
10 Aug 2020 — A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory. Una inyección de código en Nextcloud Desktop Client versión 2.6.4, permitió cargar código arbitrario cuando se coloca una configuración de OpenSSL maliciosa en un directorio fijo Multiple vulnerabilities have been found in Nextcloud Desktop Sync client, the worst of which may allow execution of arbitrary code. Versions less than 2.6.5 are affected. • https://hackerone.com/reports/622170 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-8229
https://notcve.org/view.php?id=CVE-2020-8229
10 Aug 2020 — A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system. Una pérdida de memoria en la biblioteca OCUtil.dll usada por Nextcloud Desktop Client versión 2.6.4, puede conllevar una DoS en el sistema host • https://hackerone.com/reports/588562 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2020-5537
https://notcve.org/view.php?id=CVE-2020-5537
25 May 2020 — Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code execution via unspecified vectors. Cybozu Desktop para Windows versiones 2.0.23 hasta 2.2.40, permite una ejecución de código remota por medio de vectores no especificados. • http://jvn.jp/en/jp/JVN59552136/index.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-1885
https://notcve.org/view.php?id=CVE-2020-1885
08 Apr 2020 — Writing to an unprivileged file from a privileged OVRRedir.exe process in Oculus Desktop before 1.44.0.32849 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file. Escribir en un archivo no privilegiado desde un proceso OVRRedir.exe privilegiado en Oculus Desktop versiones anteriores a 1.44.0.32849 en Windows, permite a usuarios locales escribir en archivos arbitrarios y, en consecuencia, conseguir privilegios por medio de ... • https://www.facebook.com/security/advisories/cve-2020-1885 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •