CVSS: 7.1EPSS: 1%CPEs: 2EXPL: 2CVE-2020-8227 – Gentoo Linux Security Advisory 202009-09
https://notcve.org/view.php?id=CVE-2020-8227
21 Aug 2020 — Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory. Una falta de saneamiento de una respuesta del servidor en Nextcloud Desktop Client versión 2.6.4 para Linux permitió que un Servidor de Nextcloud malicioso almacenara archivos fuera del directorio de sincronización dedicado. Multiple vulnerabilities have been found in Nextcloud Desktop Sync client, the worst of which may allow exec... • https://hackerone.com/reports/590319 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8230
https://notcve.org/view.php?id=CVE-2020-8230
17 Aug 2020 — A memory corruption vulnerability exists in NextCloud Desktop Client v2.6.4 where missing ASLR and DEP protections in for windows allowed to corrupt memory. Se presenta una vulnerabilidad de corrupción de memoria en NextCloud Desktop Client versión v2.6.4, donde una falta de protecciones ASLR y DEP en Windows permitieron una corrupción de memoria. • https://hackerone.com/reports/380102 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-8224 – Gentoo Linux Security Advisory 202009-09
https://notcve.org/view.php?id=CVE-2020-8224
10 Aug 2020 — A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory. Una inyección de código en Nextcloud Desktop Client versión 2.6.4, permitió cargar código arbitrario cuando se coloca una configuración de OpenSSL maliciosa en un directorio fijo Multiple vulnerabilities have been found in Nextcloud Desktop Sync client, the worst of which may allow execution of arbitrary code. Versions less than 2.6.5 are affected. • https://hackerone.com/reports/622170 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-8229
https://notcve.org/view.php?id=CVE-2020-8229
10 Aug 2020 — A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system. Una pérdida de memoria en la biblioteca OCUtil.dll usada por Nextcloud Desktop Client versión 2.6.4, puede conllevar una DoS en el sistema host • https://hackerone.com/reports/588562 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2020-5537
https://notcve.org/view.php?id=CVE-2020-5537
25 May 2020 — Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code execution via unspecified vectors. Cybozu Desktop para Windows versiones 2.0.23 hasta 2.2.40, permite una ejecución de código remota por medio de vectores no especificados. • http://jvn.jp/en/jp/JVN59552136/index.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-1885
https://notcve.org/view.php?id=CVE-2020-1885
08 Apr 2020 — Writing to an unprivileged file from a privileged OVRRedir.exe process in Oculus Desktop before 1.44.0.32849 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file. Escribir en un archivo no privilegiado desde un proceso OVRRedir.exe privilegiado en Oculus Desktop versiones anteriores a 1.44.0.32849 en Windows, permite a usuarios locales escribir en archivos arbitrarios y, en consecuencia, conseguir privilegios por medio de ... • https://www.facebook.com/security/advisories/cve-2020-1885 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 1CVE-2020-8140
https://notcve.org/view.php?id=CVE-2020-8140
20 Mar 2020 — A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment. Una inyección de código en Nextcloud Desktop Client versión 2.6.2 para macOS, permite cargar código arbitrario cuando se inicia el cliente con DYLD_INSERT_LIBRARIES establecido en el entorno. • https://hackerone.com/reports/633266 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 1CVE-2020-10665
https://notcve.org/view.php?id=CVE-2020-10665
18 Mar 2020 — Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise before 2.1.0.9, Docker Desktop for Windows Stable before 2.2.0.4, and Docker Desktop for Windows Edge before 2.2.2.0. Docker Desktop permite una escalada de privilegios locales a NT AUTHORITY\SYSTEM porque maneja inapropiadamente la colección... • https://github.com/spaceraccoon/CVE-2020-10665 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1000492
https://notcve.org/view.php?id=CVE-2017-1000492
03 Jan 2018 — Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration Leanote-desktop v2.5 es vulnerable to XSS, que conduce a la ejecución de código debido a la integración de nodos habilitada. • https://github.com/leanote/desktop-app/commit/a2ed226637f8e66c9b089784b5e58eccf2e2fb30 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-6021
https://notcve.org/view.php?id=CVE-2015-6021
10 Apr 2017 — Spiceworks Desktop before 2015-12-01 has XSS via an SNMP response. Spiceworks Desktop en versiones anteriores a 01-12-2015 tiene un XSS a través de una respuesta SNMP. • https://community.rapid7.com/community/infosec/blog/2015/12/16/multiple-disclosures-for-multiple-network-management-systems • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •