Vulnerabilities > Owncloud

DATE CVE VULNERABILITY TITLE RISK
2021-02-19 CVE-2020-36248 Cleartext Storage of Sensitive Information vulnerability in Owncloud
The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive.
local
low complexity
owncloud CWE-312
2.1
2021-02-19 CVE-2020-36252 Exposure of Resource TO Wrong Sphere vulnerability in Owncloud
ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number.
low complexity
owncloud CWE-668
2.7
2021-02-19 CVE-2020-36251 Improper Privilege Management vulnerability in Owncloud
ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else's access to that share.
network
low complexity
owncloud CWE-269
4.0
2021-02-19 CVE-2020-36250 Inadequate Encryption Strength vulnerability in Owncloud
In the ownCloud application before 2.15 for Android, the lock protection mechanism can be bypassed by moving the system date/time into the past.
local
low complexity
owncloud CWE-326
2.1
2021-02-19 CVE-2020-36249 Unspecified vulnerability in Owncloud File Firewall
The File Firewall before 2.8.0 for ownCloud Server does not properly enforce file-type restrictions for public shares.
network
low complexity
owncloud
5.0
2021-02-19 CVE-2020-10254 Improper Authentication vulnerability in Owncloud
An issue was discovered in ownCloud before 10.4.
network
owncloud CWE-287
4.3
2021-02-19 CVE-2020-10252 Server-Side Request Forgery (SSRF) vulnerability in Owncloud
An issue was discovered in ownCloud before 10.4.
network
low complexity
owncloud CWE-918
6.5
2021-02-09 CVE-2020-28645 Improper Input Validation vulnerability in Owncloud
Deleting users with certain names caused system files to be deleted.
network
low complexity
owncloud CWE-20
5.0
2021-02-09 CVE-2020-28644 Cross-Site Request Forgery (CSRF) vulnerability in Owncloud
The CSRF (Cross Site Request Forgery) token check was improperly implemented on cookie authenticated requests against some ocs API endpoints.
network
owncloud CWE-352
4.3
2021-02-09 CVE-2020-16144 Incorrect Default Permissions vulnerability in Owncloud Files Antivirus
When using an object storage like S3 as the file store, when a user creates a public link to a folder where anonymous users can upload files, and another user uploads a virus the files antivirus app would detect the virus but fails to delete it due to permission issues.
network
owncloud CWE-276
3.5