Vulnerabilities (CVE)

Filtered by vendor Nextcloud Subscribe
Filtered by product Desktop
Total 24 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-8224 1 Nextcloud 1 Desktop 2024-11-21 4.6 MEDIUM 7.8 HIGH
A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory.
CVE-2020-8189 1 Nextcloud 1 Desktop 2024-11-21 3.5 LOW 5.4 MEDIUM
A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt.
CVE-2020-8140 2 Apple, Nextcloud 2 Macos, Desktop 2024-11-21 4.6 MEDIUM 6.7 MEDIUM
A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the environment.
CVE-2024-46958 2 Linux, Nextcloud 2 Linux Kernel, Desktop 2024-09-20 N/A 9.1 CRITICAL
In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. This is fixed in 3.13.4.