Vulnerabilities > Pydio

DATE CVE VULNERABILITY TITLE RISK
2020-06-04 CVE-2020-12852 Improper Input Validation vulnerability in Pydio Cells 2.0.4
The update feature for Pydio Cells 2.0.4 allows an administrator user to set a custom update URL and the public RSA key used to validate the downloaded update package.
network
pydio CWE-20
8.5
2020-06-04 CVE-2020-12851 Information Exposure vulnerability in Pydio Cells 2.0.4
Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders (repositories) by uploading a custom generated ZIP file and leveraging the file extraction feature present in the web application.
network
low complexity
pydio CWE-200
5.5
2020-06-04 CVE-2020-12847 Improper Input Validation vulnerability in Pydio Cells 2.0.4
Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console” that is available to users with an administrator role.
network
low complexity
pydio CWE-20
6.5
2020-03-17 CVE-2019-20453 Deserialization of Untrusted Data vulnerability in Pydio
A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4.
network
low complexity
pydio CWE-502
6.5
2020-03-17 CVE-2019-20452 Deserialization of Untrusted Data vulnerability in Pydio
A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4.
network
low complexity
pydio CWE-502
6.5
2020-02-11 CVE-2013-4267 OS Command Injection vulnerability in Pydio
Ajaxeplorer before 5.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) archive_name parameter to the Power FS module (plugins/action.powerfs/class.PowerFSController.php), a (2) file name to the getTrustSizeOnFileSystem function in the File System (Standard) module (plugins/access.fs/class.fsAccessWrapper.php), or the (3) revision parameter to the Subversion Repository module (plugins/meta.svn/class.SvnManager.php).
network
low complexity
pydio CWE-78
critical
10.0
2019-09-19 CVE-2019-15033 Server-Side Request Forgery (SSRF) vulnerability in Pydio 6.0.8
Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature download.
network
low complexity
pydio CWE-918
4.0
2019-09-19 CVE-2019-15032 Information Exposure Through an Error Message vulnerability in Pydio 6.0.8
Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remote-upload option is used with the http://localhost:22 URL.
network
low complexity
pydio CWE-209
5.0
2019-06-20 CVE-2019-12903 Information Exposure vulnerability in Pydio Cells
Pydio Cells before 1.5.0, when supplied with a Name field in an unexpected Unicode format, fails to handle this and includes the database column/table name as pert of the error message, exposing sensitive information.
network
low complexity
pydio CWE-200
4.0
2019-06-20 CVE-2019-12902 Information Exposure vulnerability in Pydio Cells
Pydio Cells before 1.5.0 does incomplete cleanup of a user's data upon deletion.
network
low complexity
pydio CWE-200
4.0