Vulnerabilities > Owncloud

DATE CVE VULNERABILITY TITLE RISK
2023-11-21 CVE-2023-49103 Unspecified vulnerability in Owncloud Graph API 0.2.0/0.3.0
An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1.
network
low complexity
owncloud
7.5
7.5
2023-11-21 CVE-2023-49104 Open Redirect vulnerability in Owncloud Oauth2
An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled.
network
low complexity
owncloud CWE-601
6.1
6.1
2023-11-21 CVE-2023-49105 Improper Authentication vulnerability in Owncloud
An issue was discovered in ownCloud owncloud/core before 10.13.1.
network
low complexity
owncloud CWE-287
critical
 9.8
9.8
2022-11-10 CVE-2022-43679 Unspecified vulnerability in Owncloud
The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless.
network
low complexity
owncloud
5.3
5.3
2022-06-09 CVE-2022-31649 Exposure of Resource to Wrong Sphere vulnerability in Owncloud
ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer.
network
low complexity
owncloud CWE-668
7.5
7.5
2022-01-15 CVE-2021-33827 OS Command Injection vulnerability in Owncloud Files Antivirus
The files_antivirus component before 1.0.0 for ownCloud allows OS Command Injection via the administration settings.
network
low complexity
owncloud CWE-78
7.2
7.2
2022-01-15 CVE-2021-33828 Unrestricted Upload of File with Dangerous Type vulnerability in Owncloud Files Antivirus
The files_antivirus component before 1.0.0 for ownCloud mishandles the protection mechanism by which malicious files (that have been uploaded to a public share) are supposed to be deleted upon detection.
network
low complexity
owncloud CWE-434
8.8
8.8
2022-01-15 CVE-2021-44537 Injection vulnerability in multiple products
ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution.
local
low complexity
owncloud fedoraproject CWE-74
7.8
7.8
2021-09-08 CVE-2021-40537 Server-Side Request Forgery (SSRF) vulnerability in Owncloud User Ldap
Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap < 0.15.4 in the settings of the user_ldap app.
network
low complexity
owncloud CWE-918
2.7
2.7
2021-09-07 CVE-2021-35946 Improper Privilege Management vulnerability in Owncloud
A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and therefore elevate their own permissions.
network
low complexity
owncloud CWE-269
critical
 9.8
9.8