Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Owncloud
(Owncloud)| Repositories |
• https://github.com/owncloud/core
• https://github.com/nextcloud/server • https://github.com/nextcloud/gallery • https://github.com/nextcloud/apps • https://github.com/icewind1991/SMB |
| #Vulnerabilities | 154 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-04-07 | CVE-2022-25339 | ownCloud owncloud/android 2.20 has Incorrect Access Control for local attackers. | Owncloud | 5.5 | ||
| 2022-04-07 | CVE-2022-25338 | ownCloud owncloud/android before 2.20 has Incorrect Access Control for physically proximate attackers. | Owncloud | 6.8 | ||
| 2021-09-07 | CVE-2021-35948 | Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the password protection when they can force a target client to use a controlled cookie. | Owncloud | 5.4 | ||
| 2021-09-07 | CVE-2021-35947 | The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker to see the internal path and the username of a public share by including invalid characters in the URL. | Owncloud | 5.3 | ||
| 2021-09-07 | CVE-2021-35949 | The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload only shares and list metadata about the share. | Owncloud | 5.3 | ||
| 2021-09-07 | CVE-2021-35946 | A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and therefore elevate their own permissions. | Owncloud | 9.8 | ||
| 2015-10-29 | CVE-2015-5955 | ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by reading authentication headers. | Owncloud | N/A | ||
| 2021-02-19 | CVE-2020-36250 | In the ownCloud application before 2.15 for Android, the lock protection mechanism can be bypassed by moving the system date/time into the past. | Owncloud | 4.6 | ||
| 2021-02-19 | CVE-2020-36251 | ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else's access to that share. | Owncloud | 4.3 | ||
| 2021-02-19 | CVE-2020-36252 | ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number. | Owncloud | 5.7 |