Vulnerabilities > Pydio

DATE CVE VULNERABILITY TITLE RISK
2020-06-11 CVE-2020-12850 Improper Privilege Management vulnerability in Pydio Cells 2.0.4
The following vulnerability applies only to the Pydio Cells Enterprise OVF version 2.0.4.
local
pydio CWE-269
6.9
2020-06-05 CVE-2020-12849 Cross-Site Scripting vulnerability in Pydio Cells 2.0.4
Pydio Cells 2.0.4 allows any user to upload a profile image to the web application, including standard and shared user roles.
network
pydio CWE-79
3.5
2020-06-05 CVE-2020-12848 Incorrect Permission Assignment FOR Critical Resource vulnerability in Pydio Cells 2.0.4
In Pydio Cells 2.0.4, once an authenticated user shares a file selecting the create a public link option, a hidden shared user account is created in the backend with a random username.
network
pydio CWE-732
5.8
2020-06-04 CVE-2020-12853 Cross-Site Scripting vulnerability in Pydio Cells 2.0.4
Pydio Cells 2.0.4 allows XSS.
network
pydio CWE-79
4.3
2020-06-04 CVE-2020-12852 Improper Input Validation vulnerability in Pydio Cells 2.0.4
The update feature for Pydio Cells 2.0.4 allows an administrator user to set a custom update URL and the public RSA key used to validate the downloaded update package.
network
pydio CWE-20
8.5
2020-06-04 CVE-2020-12851 Information Exposure vulnerability in Pydio Cells 2.0.4
Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders (repositories) by uploading a custom generated ZIP file and leveraging the file extraction feature present in the web application.
network
low complexity
pydio CWE-200
5.5
2020-06-04 CVE-2020-12847 Improper Input Validation vulnerability in Pydio Cells 2.0.4
Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console” that is available to users with an administrator role.
network
low complexity
pydio CWE-20
6.5
2020-03-17 CVE-2019-20453 Deserialization of Untrusted Data vulnerability in Pydio
A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4.
network
low complexity
pydio CWE-502
6.5
2020-03-17 CVE-2019-20452 Deserialization of Untrusted Data vulnerability in Pydio
A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4.
network
low complexity
pydio CWE-502
6.5
2020-02-11 CVE-2013-4267 OS Command Injection vulnerability in Pydio
Ajaxeplorer before 5.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) archive_name parameter to the Power FS module (plugins/action.powerfs/class.PowerFSController.php), a (2) file name to the getTrustSizeOnFileSystem function in the File System (Standard) module (plugins/access.fs/class.fsAccessWrapper.php), or the (3) revision parameter to the Subversion Repository module (plugins/meta.svn/class.SvnManager.php).
network
low complexity
pydio CWE-78
critical
10.0