Vulnerabilities > Owncloud
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-19 | CVE-2020-36252 | Use of Insufficiently Random Values vulnerability in Owncloud ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number. | 5.7 |
| 2021-02-19 | CVE-2020-36251 | Unspecified vulnerability in Owncloud ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else's access to that share. | 4.3 |
| 2021-02-19 | CVE-2020-36250 | Unspecified vulnerability in Owncloud In the ownCloud application before 2.15 for Android, the lock protection mechanism can be bypassed by moving the system date/time into the past. low complexity owncloud | 4.6 |
| 2021-02-19 | CVE-2020-36249 | Unspecified vulnerability in Owncloud File Firewall The File Firewall before 2.8.0 for ownCloud Server does not properly enforce file-type restrictions for public shares. | 7.5 |
| 2021-02-19 | CVE-2020-10254 | Improper Authentication vulnerability in Owncloud An issue was discovered in ownCloud before 10.4. | 5.9 |
| 2021-02-19 | CVE-2020-10252 | Server-Side Request Forgery (SSRF) vulnerability in Owncloud An issue was discovered in ownCloud before 10.4. | 8.3 |
| 2021-02-09 | CVE-2020-28645 | Improper Input Validation vulnerability in Owncloud Deleting users with certain names caused system files to be deleted. | 9.1 |
| 2021-02-09 | CVE-2020-28644 | Cross-Site Request Forgery (CSRF) vulnerability in Owncloud The CSRF (Cross Site Request Forgery) token check was improperly implemented on cookie authenticated requests against some ocs API endpoints. | 4.3 |
| 2021-02-09 | CVE-2020-16144 | Incorrect Default Permissions vulnerability in Owncloud Files Antivirus When using an object storage like S3 as the file store, when a user creates a public link to a folder where anonymous users can upload files, and another user uploads a virus the files antivirus app would detect the virus but fails to delete it due to permission issues. | 5.7 |
| 2021-01-15 | CVE-2020-16255 | Cross-site Scripting vulnerability in Owncloud ownCloud (Core) before 10.5 allows XSS in login page 'forgot password.' | 6.1 |