Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Owncloud_desktop_client
(Owncloud)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 5 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-02-26 | CVE-2020-28646 | ownCloud owncloud/client before 2.7 allows DLL Injection. The desktop client loaded development plugins from certain directories when they were present. | Owncloud_desktop_client | 7.8 | ||
| 2022-01-15 | CVE-2021-44537 | ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution. | Fedora, Owncloud_desktop_client | 7.8 | ||
| 2015-10-26 | CVE-2015-7298 | ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression. | Owncloud_desktop_client, Qt | N/A | ||
| 2017-01-23 | CVE-2016-7102 | ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive. | Owncloud_desktop_client | 8.4 | ||
| 2015-10-26 | CVE-2015-4456 | ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which allows man-in-the-middle attackers to bypass the user's certificate distrust decision and obtain sensitive information by leveraging a self-signed certificate and a connection to a server using its own self-signed certificate. | Owncloud_desktop_client | N/A |