Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
owncloud owncloud vulnerabilities and exploits
(subscribe to this query)
5.1
CVSSv2
CVE-2015-7298
ownCloud Desktop Client prior to 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote malicious users to conduct man-in-the-middle (MITM) attacks by leveraging a se...
Owncloud Owncloud Desktop Client
Qt Qt 5.4.1
Qt Qt 5.3.0
5
CVSSv2
CVE-2022-31649
ownCloud owncloud/core prior to 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer.
Owncloud Owncloud
5
CVSSv2
CVE-2021-35949
The shareinfo controller in the ownCloud Server prior to 10.8.0 allows an malicious user to bypass the permission checks for upload only shares and list metadata about the share.
Owncloud Owncloud
5
CVSSv2
CVE-2021-35947
The public share controller in the ownCloud server before version 10.8.0 allows a remote malicious user to see the internal path and the username of a public share by including invalid characters in the URL.
Owncloud Owncloud
5
CVSSv2
CVE-2020-36249
The File Firewall prior to 2.8.0 for ownCloud Server does not properly enforce file-type restrictions for public shares.
Owncloud File Firewall
5
CVSSv2
CVE-2020-28645
Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root. This affects ownCloud/core versions < 10.6.
Owncloud Owncloud
5
CVSSv2
CVE-2017-9339
A logical error in ownCloud Server prior to 10.0.2 caused disclosure of valid share tokens for public calendars. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.
Owncloud Owncloud
5
CVSSv2
CVE-2016-9460
Nextcloud Server prior to 9.0.52 & ownCloud Server prior to 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and...
Nextcloud Nextcloud
Owncloud Owncloud
5
CVSSv2
CVE-2016-9467
Nextcloud Server prior to 9.0.54 and 10.0.1 & ownCloud Server prior to 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structu...
Owncloud Owncloud
Nextcloud Nextcloud Server
5
CVSSv2
CVE-2016-9468
Nextcloud Server prior to 9.0.54 and 10.0.1 & ownCloud Server prior to 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of inf...
Owncloud Owncloud
Nextcloud Nextcloud Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »