Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Owncloud Subscribe
Total 167 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-28644 1 Owncloud 1 Owncloud 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
The CSRF (Cross Site Request Forgery) token check was improperly implemented on cookie authenticated requests against some ocs API endpoints. This affects ownCloud/core version < 10.6.
CVE-2020-16255 1 Owncloud 1 Owncloud 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
ownCloud (Core) before 10.5 allows XSS in login page 'forgot password.'
CVE-2020-16144 1 Owncloud 1 Files Antivirus 2024-11-21 3.5 LOW 5.7 MEDIUM
When using an object storage like S3 as the file store, when a user creates a public link to a folder where anonymous users can upload files, and another user uploads a virus the files antivirus app would detect the virus but fails to delete it due to permission issues. This affects the files_antivirus component versions before 0.15.2 for ownCloud.
CVE-2020-10254 1 Owncloud 1 Owncloud 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
An issue was discovered in ownCloud before 10.4. An attacker can bypass authentication on a password-protected image by displaying its preview.
CVE-2020-10252 1 Owncloud 1 Owncloud 2024-11-21 6.5 MEDIUM 8.3 HIGH
An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (aka Blind SSRF) or conduct a Denial Of Service attack.
CVE-2014-2048 1 Owncloud 1 Owncloud 2024-11-21 7.5 HIGH 9.8 CRITICAL
The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID implementation.
CVE-2014-1665 1 Owncloud 1 Owncloud 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.