Known Vulnerabilities for products from Owncloud
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Owncloud".
These CVEs are retrieved by exact match on listed vendor information (CPE data) and by keyword search, so that the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-40537 | Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap < 0.15.4 in the settings of the user_ldap app. ... | 2.7 - LOW | 2021-09-08 | 2021-09-15 |
| CVE-2021-35949 | The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload o... | 5.3 - MEDIUM | 2021-09-07 | 2021-09-14 |
| CVE-2021-35948 | Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the pas... | 5.4 - MEDIUM | 2021-09-07 | 2021-09-15 |
| CVE-2021-35947 | The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker to see the internal path an... | 5.3 - MEDIUM | 2021-09-07 | 2021-09-14 |
| CVE-2021-35946 | A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions an... | 9.8 - CRITICAL | 2021-09-07 | 2021-09-14 |
| CVE-2021-33828 | The files_antivirus component before 1.0.0 for ownCloud mishandles the protection mechanism by which malicious files (that ha... | 8.8 - HIGH | 2022-01-15 | 2022-01-21 |
| CVE-2021-33827 | The files_antivirus component before 1.0.0 for ownCloud allows OS Command Injection via the administration settings. | 7.2 - HIGH | 2022-01-15 | 2022-01-21 |
| CVE-2021-29659 | ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. Due to a bug in the re... | 6.5 - MEDIUM | 2021-05-20 | 2022-07-12 |
| CVE-2020-36252 | ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any... | 5.7 - MEDIUM | 2021-02-19 | 2021-07-21 |
| CVE-2020-36251 | ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove ever... | 4.3 - MEDIUM | 2021-02-19 | 2021-07-21 |
| CVE-2020-36250 | In the ownCloud application before 2.15 for Android, the lock protection mechanism can be bypassed by moving the system date/... | 4.6 - MEDIUM | 2021-02-19 | 2021-07-21 |
| CVE-2020-36249 | The File Firewall before 2.8.0 for ownCloud Server does not properly enforce file-type restrictions for public shares. | 7.5 - HIGH | 2021-02-19 | 2023-11-07 |
| CVE-2020-36248 | The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup a... | 4.6 - MEDIUM | 2021-02-19 | 2021-02-25 |
| CVE-2020-28646 | ownCloud owncloud/client before 2.7 allows DLL Injection. The desktop client loaded development plugins from certain director... | 7.8 - HIGH | 2021-02-26 | 2022-09-21 |
| CVE-2020-28645 | Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register... | 9.1 - CRITICAL | 2021-02-09 | 2021-02-16 |
| CVE-2020-28644 | The CSRF (Cross Site Request Forgery) token check was improperly implemented on cookie authenticated requests against some oc... | 4.3 - MEDIUM | 2021-02-09 | 2021-02-16 |
| CVE-2020-16255 | ownCloud (Core) before 10.5 allows XSS in login page 'forgot password.' | 6.1 - MEDIUM | 2021-01-15 | 2021-01-21 |
| CVE-2020-16144 | When using an object storage like S3 as the file store, when a user creates a public link to a folder where anonymous users c... | 5.7 - MEDIUM | 2021-02-09 | 2021-02-18 |
| CVE-2020-10254 | An issue was discovered in ownCloud before 10.4. An attacker can bypass authentication on a password-protected image by displ... | 5.9 - MEDIUM | 2021-02-19 | 2021-02-25 |
| CVE-2020-10252 | An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote paramet... | 8.3 - HIGH | 2021-02-19 | 2021-02-25 |
Known software with vulnerabilities from Owncloud
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Owncloud | Files Antivirus | 0.7.0 |
| Application | Owncloud | Owncloud | - |
| Application | Owncloud | Owncloud Client | 1.0.1 |
| Application | Owncloud | Owncloud Desktop | 2.2.2 |