Vulnerabilities > Owncloud
|2022-11-10||CVE-2022-43679|| Unspecified vulnerability in Owncloud |
The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless.
| 5.3 |
|2022-06-09||CVE-2022-31649|| Exposure of Resource to Wrong Sphere vulnerability in Owncloud |
ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer.
| 7.5 |
|2022-04-07||CVE-2022-25339|| Unspecified vulnerability in Owncloud |
ownCloud owncloud/android 2.20 has Incorrect Access Control for local attackers.
| 2.1 |
|2022-04-07||CVE-2022-25338|| Unspecified vulnerability in Owncloud |
ownCloud owncloud/android before 2.20 has Incorrect Access Control for physically proximate attackers.
| 4.6 |
|2022-01-15||CVE-2021-33827|| OS Command Injection vulnerability in Owncloud Files Antivirus |
The files_antivirus component before 1.0.0 for ownCloud allows OS Command Injection via the administration settings.
| 9.0 |
|2022-01-15||CVE-2021-33828|| Unrestricted Upload of File with Dangerous Type vulnerability in Owncloud Files Antivirus |
The files_antivirus component before 1.0.0 for ownCloud mishandles the protection mechanism by which malicious files (that have been uploaded to a public share) are supposed to be deleted upon detection.
| 6.5 |
|2022-01-15||CVE-2021-44537|| Injection vulnerability in multiple products |
ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution.
| 6.8 |
|2021-09-08||CVE-2021-40537|| Server-Side Request Forgery (SSRF) vulnerability in Owncloud User Ldap |
Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap < 0.15.4 in the settings of the user_ldap app.
| 4.0 |
|2021-09-07||CVE-2021-35946|| Improper Privilege Management vulnerability in Owncloud |
A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and therefore elevate their own permissions.
| 7.5 |
|2021-09-07||CVE-2021-35948|| Session Fixation vulnerability in Owncloud |
Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the password protection when they can force a target client to use a controlled cookie.
| 5.8 |