Vulnerabilities > Nextcloud > Desktop

DATE CVE VULNERABILITY TITLE RISK
2022-11-25 CVE-2022-39331 Unspecified vulnerability in Nextcloud Desktop
Nexcloud desktop is the Desktop sync client for Nextcloud.
network
low complexity
nextcloud
5.4
2022-11-25 CVE-2022-39334 Unspecified vulnerability in Nextcloud Desktop
Nextcloud also ships a CLI utility called nextcloudcmd which is sometimes used for automated scripting and headless servers.
local
high complexity
nextcloud
4.7
2022-11-11 CVE-2022-41882 Code Injection vulnerability in Nextcloud Desktop 3.6.0
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer.
local
low complexity
nextcloud CWE-94
7.8
2021-08-18 CVE-2021-37617 Uncontrolled Search Path Element vulnerability in Nextcloud Desktop
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer.
local
low complexity
nextcloud CWE-427
7.3
2021-08-18 CVE-2021-32728 The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer.
network
low complexity
nextcloud debian
6.5
2021-06-11 CVE-2021-22895 Improper Certificate Validation vulnerability in multiple products
Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register with a Provider" flow.
network
high complexity
nextcloud debian CWE-295
5.9
2021-04-14 CVE-2021-22879 Injection vulnerability in multiple products
Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands.
network
low complexity
nextcloud fedoraproject CWE-74
8.8
2020-09-18 CVE-2020-8225 Cleartext Storage of Sensitive Information vulnerability in Nextcloud Desktop
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials.
network
low complexity
nextcloud CWE-312
7.5
2020-08-21 CVE-2020-8227 Path Traversal vulnerability in Nextcloud Desktop
Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory.
network
low complexity
nextcloud CWE-22
6.8
2020-08-21 CVE-2020-8189 Cross-site Scripting vulnerability in Nextcloud Desktop
A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt.
network
low complexity
nextcloud CWE-79
5.4