Vulnerabilities > Nextcloud > Desktop > 3.0.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-04 | CVE-2023-28998 | Missing Required Cryptographic Step vulnerability in Nextcloud Desktop The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. | 6.1 |
| 2023-04-04 | CVE-2023-28999 | Missing Encryption of Sensitive Data vulnerability in Nextcloud Desktop Nextcloud is an open-source productivity platform. | 6.4 |
| 2023-02-06 | CVE-2023-23942 | Cross-site Scripting vulnerability in Nextcloud Desktop The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. | 6.1 |
| 2022-11-25 | CVE-2022-39332 | Cross-site Scripting vulnerability in Nextcloud Desktop Nexcloud desktop is the Desktop sync client for Nextcloud. | 5.4 |
| 2022-11-25 | CVE-2022-39333 | Cross-site Scripting vulnerability in Nextcloud Desktop Nexcloud desktop is the Desktop sync client for Nextcloud. | 6.1 |
| 2022-11-25 | CVE-2022-39331 | Cross-site Scripting vulnerability in Nextcloud Desktop Nexcloud desktop is the Desktop sync client for Nextcloud. | 5.4 |
| 2022-11-25 | CVE-2022-39334 | Improper Certificate Validation vulnerability in Nextcloud Desktop Nextcloud also ships a CLI utility called nextcloudcmd which is sometimes used for automated scripting and headless servers. | 4.7 |
| 2021-08-18 | CVE-2021-32728 | Improper Certificate Validation vulnerability in multiple products The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. | 6.5 |
| 2021-06-11 | CVE-2021-22895 | Improper Certificate Validation vulnerability in multiple products Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow. | 4.3 |
| 2021-04-14 | CVE-2021-22879 | Injection vulnerability in multiple products Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. | 8.8 |