Nextcloud Desktop
27 CVEs affecting Nextcloud Desktop. Latest disclosed: 2025-12-05. Critical: 1, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-46958 | Critical | 9.1 | 2024-09-16 | In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. Thi… |
CVE-2021-22879 | High | 8.8 | 2021-04-14 | Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote… |
CVE-2020-8224 | High | 7.8 | 2020-08-10 | A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a malicious OpenSSL config into a fixed directory. |
CVE-2020-8225 | High | 7.5 | 2020-09-18 | A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials. |
CVE-2021-37617 | High | 7.3 | 2021-08-18 | The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. The Nextcloud Desktop Client invokes its uninstaller script… |
CVE-2023-28999 | Medium | 6.9 | 2023-04-04 | Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS… |
CVE-2020-8227 | Medium | 6.8 | 2020-08-21 | Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedica… |
CVE-2023-28998 | Medium | 6.7 | 2023-04-04 | The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server a… |
CVE-2023-28997 | Medium | 6.7 | 2023-04-04 | The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server a… |
CVE-2020-8140 | Medium | 6.7 | 2020-03-20 | A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the envi… |
CVE-2022-41882 | Medium | 6.6 | 2022-11-11 | The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file sha… |
CVE-2021-32728 | Medium | 6.5 | 2021-08-18 | The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end encryption feature do… |
CVE-2021-22895 | Medium | 5.9 | 2021-06-11 | Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when using the "Register wit… |
CVE-2020-8230 | Medium | 5.5 | 2020-08-17 | A memory corruption vulnerability exists in NextCloud Desktop Client v2.6.4 where missing ASLR and DEP protections in for windows allowed to corrupt memory. |
CVE-2020-8229 | Medium | 5.5 | 2020-08-10 | A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS against the host system. |
CVE-2023-29000 | Medium | 5.4 | 2023-04-04 | The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.7.0, by trusting that the… |
CVE-2023-23942 | Medium | 5.4 | 2023-02-06 | The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml… |
CVE-2020-8189 | Medium | 5.4 | 2020-08-21 | A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the log… |
CVE-2023-22472 | Medium | 5.3 | 2023-01-09 | Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user… |
CVE-2025-47792 | Medium | 5.0 | 2025-05-16 | Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user m… |