Shodan
Vulnerabilities
Vulnerable Software
Owncloud:  Security Vulnerabilities
CVE-2020-10252
An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (aka Blind SSRF) or conduct a Denial Of Service attack.
CVSS Score
8.3
EPSS Score
0.006
Published
2021-02-19
CVE-2020-10254
An issue was discovered in ownCloud before 10.4. An attacker can bypass authentication on a password-protected image by displaying its preview.
CVSS Score
5.9
EPSS Score
0.003
Published
2021-02-19
CVE-2020-36249
The File Firewall before 2.8.0 for ownCloud Server does not properly enforce file-type restrictions for public shares.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-02-19
CVE-2020-36250
In the ownCloud application before 2.15 for Android, the lock protection mechanism can be bypassed by moving the system date/time into the past.
CVSS Score
6.1
EPSS Score
0.001
Published
2021-02-19
CVE-2020-36251
ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else's access to that share.
CVSS Score
3.5
EPSS Score
0.002
Published
2021-02-19
CVE-2020-36252
ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number.
CVSS Score
6.8
EPSS Score
0.001
Published
2021-02-19
CVE-2020-28644
The CSRF (Cross Site Request Forgery) token check was improperly implemented on cookie authenticated requests against some ocs API endpoints. This affects ownCloud/core version < 10.6.
CVSS Score
4.3
EPSS Score
0.001
Published
2021-02-09
CVE-2020-28645
Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root. This affects ownCloud/core versions < 10.6.
CVSS Score
9.1
EPSS Score
0.003
Published
2021-02-09
CVE-2020-16144
When using an object storage like S3 as the file store, when a user creates a public link to a folder where anonymous users can upload files, and another user uploads a virus the files antivirus app would detect the virus but fails to delete it due to permission issues. This affects the files_antivirus component versions before 0.15.2 for ownCloud.
CVSS Score
5.7
EPSS Score
0.002
Published
2021-02-09
CVE-2020-16255
ownCloud (Core) before 10.5 allows XSS in login page 'forgot password.'
CVSS Score
6.1
EPSS Score
0.004
Published
2021-01-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved