Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
owncloud owncloud vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2021-44537
ownCloud owncloud/client prior to 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution.
Owncloud Owncloud Desktop Client
Fedoraproject Fedora 35
Fedoraproject Fedora 36
6.5
CVSSv2
CVE-2021-33828
The files_antivirus component prior to 1.0.0 for ownCloud mishandles the protection mechanism by which malicious files (that have been uploaded to a public share) are supposed to be deleted upon detection.
Owncloud Files Antivirus
9
CVSSv2
CVE-2021-33827
The files_antivirus component prior to 1.0.0 for ownCloud allows OS Command Injection via the administration settings.
Owncloud Files Antivirus
4
CVSSv2
CVE-2021-40537
Server Side Request Forgery (SSRF) vulnerability exists in owncloud/user_ldap < 0.15.4 in the settings of the user_ldap app. Administration role is necessary for exploitation.
Owncloud User Ldap
7.5
CVSSv2
CVE-2021-35946
A receiver of a federated share with access to the database with ownCloud version prior to 10.8 could update the permissions and therefore elevate their own permissions.
Owncloud Owncloud
5.8
CVSSv2
CVE-2021-35948
Session fixation on password protected public links in the ownCloud Server prior to 10.8.0 allows an malicious user to bypass the password protection when they can force a target client to use a controlled cookie.
Owncloud Owncloud
5
CVSSv2
CVE-2021-35949
The shareinfo controller in the ownCloud Server prior to 10.8.0 allows an malicious user to bypass the permission checks for upload only shares and list metadata about the share.
Owncloud Owncloud
5
CVSSv2
CVE-2021-35947
The public share controller in the ownCloud server before version 10.8.0 allows a remote malicious user to see the internal path and the username of a public share by including invalid characters in the URL.
Owncloud Owncloud
4
CVSSv2
CVE-2021-29659
ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. Due to a bug in the related API endpoint, the attacker can enumerate all users in a single request by entering three whitespaces. Secondary, the retrieval of all users on a larg...
Owncloud Owncloud 10.7.0
4.4
CVSSv2
CVE-2020-28646
ownCloud owncloud/client prior to 2.7 allows DLL Injection. The desktop client loaded development plugins from certain directories when they were present.
Owncloud Owncloud Desktop Client
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »