Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
owncloud owncloud vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2021-44537
ownCloud owncloud/client prior to 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution.
Owncloud Owncloud Desktop Client
Fedoraproject Fedora 35
Fedoraproject Fedora 36
7.8
CVSSv3
CVE-2020-28646
ownCloud owncloud/client prior to 2.7 allows DLL Injection. The desktop client loaded development plugins from certain directories when they were present.
Owncloud Owncloud Desktop Client
7.5
CVSSv3
CVE-2023-49103
An issue exists in ownCloud owncloud/graphapi 0.2.x prior to 0.2.1 and 0.3.x prior to 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This...
Owncloud Graph Api 0.3.0
Owncloud Graph Api 0.2.0
3 Github repositories
1 Article
7.5
CVSSv3
CVE-2022-31649
ownCloud owncloud/core prior to 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer.
Owncloud Owncloud
7.5
CVSSv3
CVE-2020-36249
The File Firewall prior to 2.8.0 for ownCloud Server does not properly enforce file-type restrictions for public shares.
Owncloud File Firewall
7.2
CVSSv3
CVE-2021-33827
The files_antivirus component prior to 1.0.0 for ownCloud allows OS Command Injection via the administration settings.
Owncloud Files Antivirus
6.8
CVSSv3
CVE-2022-25338
ownCloud owncloud/android prior to 2.20 has Incorrect Access Control for physically proximate attackers.
Owncloud Owncloud
6.5
CVSSv3
CVE-2021-29659
ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. Due to a bug in the related API endpoint, the attacker can enumerate all users in a single request by entering three whitespaces. Secondary, the retrieval of all users on a larg...
Owncloud Owncloud 10.7.0
6.5
CVSSv3
CVE-2014-2050
Cross-site request forgery (CSRF) vulnerability in ownCloud Server prior to 5.0.15 and 6.0.x prior to 6.0.2 allows remote malicious users to hijack the authentication of users for requests that reset passwords via a crafted HTTP Host header.
Owncloud Owncloud
6.5
CVSSv3
CVE-2017-9340
An attacker is logged in as a normal user and can somehow make admin to delete shared folders in ownCloud Server prior to 10.0.2.
Owncloud Owncloud
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »