Vulnerabilities > Owncloud
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-19 | CVE-2020-36248 | Cleartext Storage of Sensitive Information vulnerability in Owncloud The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive. | 2.1 |
| 2021-02-19 | CVE-2020-36252 | Exposure of Resource TO Wrong Sphere vulnerability in Owncloud ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number. | 2.7 |
| 2021-02-19 | CVE-2020-36251 | Improper Privilege Management vulnerability in Owncloud ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else's access to that share. | 4.0 |
| 2021-02-19 | CVE-2020-36250 | Inadequate Encryption Strength vulnerability in Owncloud In the ownCloud application before 2.15 for Android, the lock protection mechanism can be bypassed by moving the system date/time into the past. | 2.1 |
| 2021-02-19 | CVE-2020-36249 | Unspecified vulnerability in Owncloud File Firewall The File Firewall before 2.8.0 for ownCloud Server does not properly enforce file-type restrictions for public shares. | 5.0 |
| 2021-02-19 | CVE-2020-10254 | Improper Authentication vulnerability in Owncloud An issue was discovered in ownCloud before 10.4. | 4.3 |
| 2021-02-19 | CVE-2020-10252 | Server-Side Request Forgery (SSRF) vulnerability in Owncloud An issue was discovered in ownCloud before 10.4. | 6.5 |
| 2021-02-09 | CVE-2020-28645 | Improper Input Validation vulnerability in Owncloud Deleting users with certain names caused system files to be deleted. | 5.0 |
| 2021-02-09 | CVE-2020-28644 | Cross-Site Request Forgery (CSRF) vulnerability in Owncloud The CSRF (Cross Site Request Forgery) token check was improperly implemented on cookie authenticated requests against some ocs API endpoints. | 4.3 |
| 2021-02-09 | CVE-2020-16144 | Incorrect Default Permissions vulnerability in Owncloud Files Antivirus When using an object storage like S3 as the file store, when a user creates a public link to a folder where anonymous users can upload files, and another user uploads a virus the files antivirus app would detect the virus but fails to delete it due to permission issues. | 3.5 |