Vulnerabilities > Nextcloud > Desktop
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-11 | CVE-2022-41882 | Code Injection vulnerability in Nextcloud Desktop 3.6.0 The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. | 7.8 |
| 2021-08-18 | CVE-2021-37617 | Uncontrolled Search Path Element vulnerability in Nextcloud Desktop The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. | 7.3 |
| 2021-08-18 | CVE-2021-32728 | Improper Certificate Validation vulnerability in multiple products The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. | 6.5 |
| 2021-06-11 | CVE-2021-22895 | Improper Certificate Validation vulnerability in multiple products Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow. | 4.3 |
| 2021-04-14 | CVE-2021-22879 | Injection vulnerability in multiple products Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. | 8.8 |
| 2020-09-18 | CVE-2020-8225 | Cleartext Storage of Sensitive Information vulnerability in Nextcloud Desktop A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials. | 7.5 |
| 2020-08-21 | CVE-2020-8227 | Path Traversal vulnerability in Nextcloud Desktop Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory. | 7.1 |
| 2020-08-21 | CVE-2020-8189 | Cross-site Scripting vulnerability in Nextcloud Desktop A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt. | 3.5 |
| 2020-08-17 | CVE-2020-8230 | Out-of-bounds Write vulnerability in Nextcloud Desktop A memory corruption vulnerability exists in NextCloud Desktop Client v2.6.4 where missing ASLR and DEP protections in for windows allowed to corrupt memory. | 2.1 |
| 2020-08-10 | CVE-2020-8229 | Memory Leak vulnerability in Nextcloud Desktop A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system. | 4.9 |