Vulnerabilities > Pydio > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-17 | CVE-2019-20453 | Deserialization of Untrusted Data vulnerability in Pydio A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4. | 6.5 |
| 2020-03-17 | CVE-2019-20452 | Deserialization of Untrusted Data vulnerability in Pydio A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4. | 6.5 |
| 2019-09-19 | CVE-2019-15033 | Server-Side Request Forgery (SSRF) vulnerability in Pydio 6.0.8 Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature download. | 4.0 |
| 2019-09-19 | CVE-2019-15032 | Information Exposure Through an Error Message vulnerability in Pydio 6.0.8 Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remote-upload option is used with the http://localhost:22 URL. | 5.0 |
| 2019-06-20 | CVE-2019-12903 | Information Exposure vulnerability in Pydio Cells Pydio Cells before 1.5.0, when supplied with a Name field in an unexpected Unicode format, fails to handle this and includes the database column/table name as pert of the error message, exposing sensitive information. | 4.0 |
| 2019-06-20 | CVE-2019-12902 | Information Exposure vulnerability in Pydio Cells Pydio Cells before 1.5.0 does incomplete cleanup of a user's data upon deletion. | 4.0 |
| 2019-06-20 | CVE-2019-12901 | Path Traversal vulnerability in Pydio Cells Pydio Cells before 1.5.0 fails to neutralize '../' elements, allowing an attacker with minimum privilege to Upload files to, and Delete files/folders from, an unprivileged directory, leading to Privilege escalation. | 6.5 |
| 2019-05-31 | CVE-2019-10049 | Cross-site Scripting vulnerability in Pydio It is possible for an attacker with regular user access to the web application of Pydio through 8.2.2 to trick an administrator user into opening a link shared through the application, that in turn opens a shared file that contains JavaScript code (that is executed in the context of the victim user to obtain sensitive information such as session identifiers and perform actions on behalf of him/her). | 4.9 |
| 2019-05-31 | CVE-2019-10046 | Missing Authentication for Critical Function vulnerability in Pydio 8.2.2 An unauthenticated attacker can obtain information about the Pydio 8.2.2 configuration including session timeout, libraries, and license information. | 5.0 |
| 2019-05-31 | CVE-2019-10045 | Session Fixation vulnerability in Pydio The "action" get_sess_id in the web application of Pydio through 8.2.2 discloses the session cookie value in the response body, enabling scripts to get access to its value. | 6.4 |