CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-37617 – Untrusted Search Path in Nextcloud Desktop Client
https://notcve.org/view.php?id=CVE-2021-37617
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. The Nextcloud Desktop Client invokes its uninstaller script when being installed to make sure there are no remnants of previous installations. In versions 3.0.3 through 3.2.4, the Client searches the `Uninstall.exe` file in a folder that can be written by regular users. This could lead to a case where a malicious user creates a malicious `Uninstall.exe`, which would be executed with administrative privileges on the Nextcloud Desktop Client installation. This issue is fixed in Nextcloud Desktop Client version 3.3.0. • https://github.com/nextcloud/desktop/pull/3497 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6q2w-v879-q24v https://hackerone.com/reports/1240749 • CWE-426: Untrusted Search Path CWE-427: Uncontrolled Search Path Element •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 2CVE-2021-32728 – End-to-end encryption device setup did not verify public key
https://notcve.org/view.php?id=CVE-2021-32728
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.3.0, the Nextcloud Desktop client fails to check if a private key belongs to previously downloaded public certificate. If the Nextcloud instance serves a malicious public key, the data would be encrypted for this key and thus could be accessible to a malicious actor. This issue is fixed in Nextcloud Desktop Client version 3.3.0. • https://github.com/nextcloud/desktop/pull/3338 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-f5fr-5gcv-6cc5 https://hackerone.com/reports/1189162 https://www.debian.org/security/2021/dsa-4974 • CWE-295: Improper Certificate Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-37841
https://notcve.org/view.php?id=CVE-2021-37841
Docker Desktop before 3.6.0 suffers from incorrect access control. If a low-privileged account is able to access the server running the Windows containers, it can lead to a full container compromise in both process isolation and Hyper-V isolation modes. This security issue leads an attacker with low privilege to read, write and possibly even execute code inside the containers. Docker Desktop versiones anteriores a 3.6.0, sufre de un control de acceso incorrecto. Si una cuenta poco privilegiada es capaz de acceder al servidor que ejecuta los contenedores de Windows, puede conllevar a un compromiso del contenedor completo en los modos de aislamiento de procesos y de aislamiento de Hyper-V. • https://docs.docker.com/docker-for-windows/release-notes • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 1CVE-2021-22895
https://notcve.org/view.php?id=CVE-2021-22895
Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow. Nextcloud Desktop Client versiones anteriores a 3.3.1, es vulnerable a una comprobación inapropiada de certificados debido a una falta de comprobación de certificados SSL cuando se usa el flujo "Register with a Provider" • https://github.com/nextcloud/desktop/pull/2926 https://github.com/nextcloud/desktop/releases/tag/v3.1.3 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qpgp-vf4p-wcw5 https://hackerone.com/reports/903424 https://www.debian.org/security/2021/dsa-4974 • CWE-295: Improper Certificate Validation •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 1CVE-2021-22879
https://notcve.org/view.php?id=CVE-2021-22879
Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation. Nextcloud Desktop Client versiones anteriores a 3.1.3, es vulnerable a una inyección de recursos debido a una falta de comprobación de las URL, permitiendo a un servidor malicioso ejecutar comandos remotos. Una interacción del usuario es necesaria para su explotación • https://github.com/nextcloud/desktop/pull/2906 https://hackerone.com/reports/1078002 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTWBJAS5DJJIK7LLVBZZQTSJASUVIRVE https://nextcloud.com/security/advisory/?id=NC-SA-2021-008 https://security.gentoo.org/glsa/202105-37 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •