Known Vulnerabilities for products from Owncloud

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Owncloud".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2023-49105 json 9.8 - CRITICAL 2023-11-21 2023-11-30
CVE-2023-49104 json 6.1 - MEDIUM 2023-11-21 2023-12-01
CVE-2023-49103 json 7.5 - HIGH 2023-11-21 2023-12-05
CVE-2023-24804 json The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Prior to version 3.0, the app ha... 4.4 - MEDIUM 2023-02-13 2023-02-22
CVE-2023-23948 json The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Version 2.21.1 of the ownCloud A... 5.5 - MEDIUM 2023-02-13 2023-02-21
CVE-2022-43679 json The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless... 5.3 - MEDIUM 2022-11-10 2022-11-15
CVE-2022-31649 json ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer. 7.5 - HIGH 2022-06-09 2022-11-29
CVE-2022-25339 json ownCloud owncloud/android 2.20 has Incorrect Access Control for local attackers. 5.5 - MEDIUM 2022-04-07 2022-04-15
CVE-2022-25338 json ownCloud owncloud/android before 2.20 has Incorrect Access Control for physically proximate attackers. 6.8 - MEDIUM 2022-04-07 2022-04-13
CVE-2021-44537 json ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to rem... 7.8 - HIGH 2022-01-15 2023-11-07
CVE-2021-40537 json Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap < 0.15.4 in the settings of the user_ldap app. ... 2.7 - LOW 2021-09-08 2021-09-15
CVE-2021-35949 json The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload o... 5.3 - MEDIUM 2021-09-07 2021-09-14
CVE-2021-35948 json Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the pas... 5.4 - MEDIUM 2021-09-07 2021-09-15
CVE-2021-35947 json The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker to see the internal path an... 5.3 - MEDIUM 2021-09-07 2021-09-14
CVE-2021-35946 json A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions an... 9.8 - CRITICAL 2021-09-07 2021-09-14
CVE-2021-33828 json The files_antivirus component before 1.0.0 for ownCloud mishandles the protection mechanism by which malicious files (that ha... 8.8 - HIGH 2022-01-15 2022-01-21
CVE-2021-33827 json The files_antivirus component before 1.0.0 for ownCloud allows OS Command Injection via the administration settings. 7.2 - HIGH 2022-01-15 2022-01-21
CVE-2021-29659 json ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. Due to a bug in the re... 6.5 - MEDIUM 2021-05-20 2022-07-12
CVE-2020-36252 json ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any... 5.7 - MEDIUM 2021-02-19 2021-07-21
CVE-2020-36251 json ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove ever... 4.3 - MEDIUM 2021-02-19 2021-07-21
Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from Owncloud

Type Vendor Product Version
ApplicationOwncloudFiles Antivirus0.11.2
ApplicationOwncloudOwncloud-
ApplicationOwncloudOwncloud Client1.0.1
ApplicationOwncloudOwncloud Desktop2.2.2