Vulnerabilities > Owncloud > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-19 | CVE-2020-36248 | Cleartext Storage of Sensitive Information vulnerability in Owncloud The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive. | 4.6 |
| 2021-02-19 | CVE-2020-36252 | Use of Insufficiently Random Values vulnerability in Owncloud ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number. | 5.7 |
| 2021-02-19 | CVE-2020-36251 | Unspecified vulnerability in Owncloud ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else's access to that share. | 4.3 |
| 2021-02-19 | CVE-2020-36250 | Unspecified vulnerability in Owncloud In the ownCloud application before 2.15 for Android, the lock protection mechanism can be bypassed by moving the system date/time into the past. low complexity owncloud | 4.6 |
| 2021-02-19 | CVE-2020-10254 | Improper Authentication vulnerability in Owncloud An issue was discovered in ownCloud before 10.4. | 5.9 |
| 2021-02-09 | CVE-2020-28644 | Cross-Site Request Forgery (CSRF) vulnerability in Owncloud The CSRF (Cross Site Request Forgery) token check was improperly implemented on cookie authenticated requests against some ocs API endpoints. | 4.3 |
| 2021-02-09 | CVE-2020-16144 | Incorrect Default Permissions vulnerability in Owncloud Files Antivirus When using an object storage like S3 as the file store, when a user creates a public link to a folder where anonymous users can upload files, and another user uploads a virus the files antivirus app would detect the virus but fails to delete it due to permission issues. | 5.7 |
| 2021-01-15 | CVE-2020-16255 | Cross-site Scripting vulnerability in Owncloud ownCloud (Core) before 10.5 allows XSS in login page 'forgot password.' | 6.1 |
| 2020-02-17 | CVE-2015-4715 | Files or Directories Accessible to External Parties vulnerability in Owncloud The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values. | 4.9 |
| 2020-01-23 | CVE-2014-2050 | Cross-Site Request Forgery (CSRF) vulnerability in Owncloud Cross-site request forgery (CSRF) vulnerability in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to hijack the authentication of users for requests that reset passwords via a crafted HTTP Host header. | 6.5 |