7 matches found
CVE-2022-25338
ownCloud owncloud/android before 2.20 has Incorrect Access Control for physically proximate attackers, enabling a local bypass of the app lock. This is supported by NVD, Red Hat, OSV, and the official ownCloud advisory. Exploitation details are not provided in the connected documents, and no fixe...
CVE-2022-25339
CVE-2022-25339 affects the ownCloud Android client, specifically version 2.20. The issue is described as an Incorrect Access Control vulnerability that enables a local attacker with access to the device to access internal app files. The core impact is exposure of internal files due to permissive...
CVE-2020-36250
The CVE-2020-36250 entry applies to the ownCloud Android client, in versions prior to 2.15. The vulnerability arises from a bypass of the lock protection mechanism when the system date/time is moved to the past. The connected sources confirm this behavior but do not provide a published reme...
CVE-2023-24804
Summary: The ownCloud Android app (prior to v3.0) has an incomplete fix for a path traversal issue, with two bypass methods that can disclose information when uploading internal files and allow arbitrary file writes for plain text uploads (limited by .txt). Version 3.0 fixes these bypasses. Impac...
CVE-2023-23948
The CVE-2023-23948 entry concerns the ownCloud Android app (v2.21.1) vulnerable to SQL injection in FileContentProvider.kt, leading to potential information disclosure. The issue affects two databases: filelist (deprecated in v3.0) and owncloud_database, with injections in the latter remaining re...
CVE-2015-5955
CVE-2015-5955 affects the ownCloud iOS app prior to version 3.4.4. The vulnerability arises from improper handling of state when switching between multiple configured ownCloud instances, which may cause the app to continue sending previous authentication headers and leak credentials and cookies t...
CVE-2020-36248
CVE-2020-36248 affects the ownCloud Android app up to version 2.14 (before 2.15). The vulnerability arises because an attacker can use adb to inject a PIN preferences value into a backup archive, allowing the PIN lock to be bypassed when restoring that archive. The available connected documents c...