Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
owncloud owncloud vulnerabilities and exploits
(subscribe to this query)
454
VMScore
CVE-2015-7298
ownCloud Desktop Client prior to 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote malicious users to conduct man-in-the-middle (MITM) attacks by leveraging a se...
Owncloud Owncloud Desktop Client
Qt Qt 5.3.0
Qt Qt 5.4.1
445
VMScore
CVE-2022-31649
ownCloud owncloud/core prior to 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer.
Owncloud Owncloud
445
VMScore
CVE-2021-35947
The public share controller in the ownCloud server before version 10.8.0 allows a remote malicious user to see the internal path and the username of a public share by including invalid characters in the URL.
Owncloud Owncloud
445
VMScore
CVE-2021-35949
The shareinfo controller in the ownCloud Server prior to 10.8.0 allows an malicious user to bypass the permission checks for upload only shares and list metadata about the share.
Owncloud Owncloud
445
VMScore
CVE-2020-36249
The File Firewall prior to 2.8.0 for ownCloud Server does not properly enforce file-type restrictions for public shares.
Owncloud File Firewall
445
VMScore
CVE-2020-28645
Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root. This affects ownCloud/core versions < 10.6.
Owncloud Owncloud
445
VMScore
CVE-2017-9339
A logical error in ownCloud Server prior to 10.0.2 caused disclosure of valid share tokens for public calendars. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.
Owncloud Owncloud
445
VMScore
CVE-2016-9460
Nextcloud Server prior to 9.0.52 & ownCloud Server prior to 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and...
Nextcloud Nextcloud
Owncloud Owncloud
445
VMScore
CVE-2016-9467
Nextcloud Server prior to 9.0.54 and 10.0.1 & ownCloud Server prior to 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structu...
Owncloud Owncloud
Nextcloud Nextcloud Server
445
VMScore
CVE-2016-9468
Nextcloud Server prior to 9.0.54 and 10.0.1 & ownCloud Server prior to 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of inf...
Owncloud Owncloud
Nextcloud Nextcloud Server
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »