Vulnerabilities > Nextcloud > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-18 | CVE-2021-37617 | Uncontrolled Search Path Element vulnerability in Nextcloud Desktop The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. | 7.3 |
| 2021-07-12 | CVE-2021-32705 | Improper Control of Interaction Frequency vulnerability in multiple products Nextcloud Server is a Nextcloud package that handles data storage. | 7.5 |
| 2021-07-12 | CVE-2021-32688 | Improper Authorization vulnerability in multiple products Nextcloud Server is a Nextcloud package that handles data storage. | 8.8 |
| 2021-07-12 | CVE-2021-32679 | Improper Encoding or Escaping of Output vulnerability in multiple products Nextcloud Server is a Nextcloud package that handles data storage. | 8.8 |
| 2021-06-01 | CVE-2021-32656 | Improper Access Control vulnerability in Nextcloud Server Nextcloud Server is a Nextcloud package that handles data storage. | 8.6 |
| 2021-04-14 | CVE-2021-22879 | Injection vulnerability in multiple products Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. | 8.8 |
| 2020-09-18 | CVE-2020-8225 | Cleartext Storage of Sensitive Information vulnerability in Nextcloud Desktop A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials. | 7.5 |
| 2020-08-21 | CVE-2020-8227 | Path Traversal vulnerability in Nextcloud Desktop Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory. | 7.1 |
| 2020-08-10 | CVE-2020-8224 | Code Injection vulnerability in Nextcloud Desktop A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory. | 7.8 |
| 2020-05-12 | CVE-2020-8156 | Improper Certificate Validation vulnerability in multiple products A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack. | 7.0 |