Vulnerabilities > Owncloud

DATE CVE VULNERABILITY TITLE RISK
2021-05-20 CVE-2021-29659 Incorrect Authorization vulnerability in Owncloud 10.7.0
ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure.
network
low complexity
owncloud CWE-863
4.0
2021-02-26 CVE-2020-28646 Uncontrolled Search Path Element vulnerability in Owncloud
ownCloud owncloud/client before 2.7 allows DLL Injection.
4.4
2021-02-19 CVE-2020-36248 Cleartext Storage of Sensitive Information vulnerability in Owncloud
The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive.
local
low complexity
owncloud CWE-312
2.1
2021-02-19 CVE-2020-36252 Exposure of Resource TO Wrong Sphere vulnerability in Owncloud
ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number.
low complexity
owncloud CWE-668
2.7
2021-02-19 CVE-2020-36251 Improper Privilege Management vulnerability in Owncloud
ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else's access to that share.
network
low complexity
owncloud CWE-269
4.0
2021-02-19 CVE-2020-36250 Inadequate Encryption Strength vulnerability in Owncloud
In the ownCloud application before 2.15 for Android, the lock protection mechanism can be bypassed by moving the system date/time into the past.
local
low complexity
owncloud CWE-326
2.1
2021-02-19 CVE-2020-36249 Unspecified vulnerability in Owncloud File Firewall
The File Firewall before 2.8.0 for ownCloud Server does not properly enforce file-type restrictions for public shares.
network
low complexity
owncloud
5.0
2021-02-19 CVE-2020-10254 Improper Authentication vulnerability in Owncloud
An issue was discovered in ownCloud before 10.4.
network
owncloud CWE-287
4.3
2021-02-19 CVE-2020-10252 Server-Side Request Forgery (SSRF) vulnerability in Owncloud
An issue was discovered in ownCloud before 10.4.
network
low complexity
owncloud CWE-918
6.5
2021-02-09 CVE-2020-28645 Improper Input Validation vulnerability in Owncloud
Deleting users with certain names caused system files to be deleted.
network
low complexity
owncloud CWE-20
5.0