Vulnerabilities > Nextcloud > Desktop > 2.4.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-21 | CVE-2020-8189 | Cross-site Scripting vulnerability in Nextcloud Desktop A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt. | 3.5 |
| 2020-08-17 | CVE-2020-8230 | Out-of-bounds Write vulnerability in Nextcloud Desktop A memory corruption vulnerability exists in NextCloud Desktop Client v2.6.4 where missing ASLR and DEP protections in for windows allowed to corrupt memory. | 2.1 |
| 2020-08-10 | CVE-2020-8229 | Memory Leak vulnerability in Nextcloud Desktop A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system. | 4.9 |
| 2020-08-10 | CVE-2020-8224 | Code Injection vulnerability in Nextcloud Desktop A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory. | 7.8 |
| 2020-03-20 | CVE-2020-8140 | Code Injection vulnerability in Nextcloud Desktop A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment. | 6.7 |