Nextcloud Desktop 3.6.5

CPE Details

Nextcloud Desktop 3.6.5
nextcloud
desktop
3.6.5
2023-04-07
14h12 +00:00
2023-04-07
18h16 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:nextcloud:desktop:3.6.5:*:*:*:*:*:*:*

Informations

Vendor

nextcloud

Product

desktop

Version

3.6.5

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-37885 2024-06-14 15h42 +00:00 The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the enviroment. It is recommended that the Nextcloud Desktop client is upgraded to 3.12.0.
7.8
High
CVE-2023-29000 2023-04-04 12h53 +00:00 The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.7.0, by trusting that the server will return a certificate that belongs to the keypair of the user, a malicious server could get the desktop client to encrypt files with a key known to the attacker. This issue is fixed in Nextcloud Desktop 3.7.0. No known workarounds are available.
6.5
Medium
CVE-2023-28999 2023-04-04 12h51 +00:00 Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure and add new files.​ This issue is fixed in Nextcloud Desktop 3.8.0, Nextcloud Android 3.25.0, and Nextcloud iOS 4.8.0. No known workarounds are available.
6.9
Medium