Vulnerabilities > Owncloud
| Date | CVE | Title | Description | Score |
|---|---|---|---|---|
| 2021-09-08 | CVE-2021-40537 | Server-Side Request Forgery (SSRF) vulnerability in Owncloud User Ldap | Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap < 0.15.4 in the settings of the user_ldap app. | 4.0 |
| 2021-09-07 | CVE-2021-35946 | Improper Privilege Management vulnerability in Owncloud | A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and therefore elevate their own permissions. | 7.5 |
| 2021-09-07 | CVE-2021-35948 | Session Fixation vulnerability in Owncloud | Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the password protection when they can force a target client to use a controlled cookie. | 5.8 |
| 2021-09-07 | CVE-2021-35947 | Information Exposure Through an Error Message vulnerability in Owncloud | The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker to see the internal path and the username of a public share by including invalid characters in the URL. | 5.0 |
| 2021-09-07 | CVE-2021-35949 | Incorrect Authorization vulnerability in Owncloud | The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload only shares and list metadata about the share. | 5.0 |
| 2021-05-20 | CVE-2021-29659 | Incorrect Authorization vulnerability in Owncloud 10.7.0 | ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. | 4.0 |
| 2021-02-26 | CVE-2020-28646 | Uncontrolled Search Path Element vulnerability in Owncloud | ownCloud owncloud/client before 2.7 allows DLL Injection. | 4.4 |
| 2021-02-19 | CVE-2020-36248 | Cleartext Storage of Sensitive Information vulnerability in Owncloud | The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive. | 2.1 |
| 2021-02-19 | CVE-2020-36252 | Exposure of Resource to Wrong Sphere vulnerability in Owncloud | ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number. | 2.7 |
| 2021-02-19 | CVE-2020-36251 | Improper Privilege Management vulnerability in Owncloud | ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else's access to that share. | 4.0 |