Vulnerabilities > Nextcloud > Desktop > High

DATE CVE VULNERABILITY TITLE RISK
2024-06-14 CVE-2024-37885 Code Injection vulnerability in Nextcloud Desktop
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer.
local
low complexity
nextcloud CWE-94
7.8
2023-01-09 CVE-2023-22472 Cross-Site Request Forgery (CSRF) vulnerability in Nextcloud Desktop 3.6.1
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud.
network
low complexity
nextcloud CWE-352
8.8
2022-11-11 CVE-2022-41882 Code Injection vulnerability in Nextcloud Desktop 3.6.0
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer.
local
low complexity
nextcloud CWE-94
7.8
2021-08-18 CVE-2021-37617 Uncontrolled Search Path Element vulnerability in Nextcloud Desktop
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer.
local
low complexity
nextcloud CWE-427
7.3
2021-04-14 CVE-2021-22879 Injection vulnerability in multiple products
Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands.
network
low complexity
nextcloud fedoraproject CWE-74
8.8
2020-09-18 CVE-2020-8225 Cleartext Storage of Sensitive Information vulnerability in Nextcloud Desktop
A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials.
network
low complexity
nextcloud CWE-312
7.5
2020-08-10 CVE-2020-8224 Code Injection vulnerability in Nextcloud Desktop
A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory.
local
low complexity
nextcloud CWE-94
7.8