Vulnerabilities > Owncloud

DATE CVE VULNERABILITY TITLE RISK
2023-02-13 CVE-2023-23948 SQL Injection vulnerability in Owncloud
The ownCloud Android app allows ownCloud users to access, share, and edit files and folders.
local
low complexity
owncloud CWE-89
5.5
2023-02-13 CVE-2023-24804 Path Traversal vulnerability in Owncloud
The ownCloud Android app allows ownCloud users to access, share, and edit files and folders.
local
low complexity
owncloud CWE-22
4.4
2022-11-10 CVE-2022-43679 Unspecified vulnerability in Owncloud
The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless.
network
low complexity
owncloud
5.3
2022-06-09 CVE-2022-31649 Exposure of Resource to Wrong Sphere vulnerability in Owncloud
ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer.
network
low complexity
owncloud CWE-668
7.5
2022-04-07 CVE-2022-25339 Unspecified vulnerability in Owncloud
ownCloud owncloud/android 2.20 has Incorrect Access Control for local attackers.
local
low complexity
owncloud
2.1
2022-04-07 CVE-2022-25338 Unspecified vulnerability in Owncloud
ownCloud owncloud/android before 2.20 has Incorrect Access Control for physically proximate attackers.
local
low complexity
owncloud
4.6
2022-01-15 CVE-2021-33827 OS Command Injection vulnerability in Owncloud Files Antivirus
The files_antivirus component before 1.0.0 for ownCloud allows OS Command Injection via the administration settings.
network
low complexity
owncloud CWE-78
critical
9.0
2022-01-15 CVE-2021-33828 Unrestricted Upload of File with Dangerous Type vulnerability in Owncloud Files Antivirus
The files_antivirus component before 1.0.0 for ownCloud mishandles the protection mechanism by which malicious files (that have been uploaded to a public share) are supposed to be deleted upon detection.
network
low complexity
owncloud CWE-434
6.5
2022-01-15 CVE-2021-44537 Injection vulnerability in multiple products
ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution.
6.8
2021-09-08 CVE-2021-40537 Server-Side Request Forgery (SSRF) vulnerability in Owncloud User Ldap
Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap < 0.15.4 in the settings of the user_ldap app.
network
low complexity
owncloud CWE-918
4.0