5 matches found
CVE-2021-44537
CVE-2021-44537 affects the ownCloud desktop client before 2.9.2. The issue stems from a server-controlled URL that can inject resources into the client, enabling remote code execution. The vulnerability enables a remote attacker to trigger code execution with no user privileges required and persi...
CVE-2020-28646
CVE-2020-28646 affects the ownCloud desktop client prior to 2.7. It allows DLL injection by loading development plugins from certain directories when present. Impact is execution of potentially untrusted plugin code via local access. Remediation: upgrade to version 2.7 or newer (or apply the PTSe...
CVE-2015-4456
The CVE-2015-4456 issue affects the ownCloud Desktop Client prior to 1.8.2. The vulnerability arises because the client does not call QNetworkReply::ignoreSslErrors with the set of errors to ignore, enabling MITM attackers to bypass certificate distrust decisions when connecting to a server using...
CVE-2015-7298
CVE-2015-7298 affects the ownCloud Desktop Client prior to 2.0.1 when built with a Qt release after 5.3.x. The issue is that the client does not call QNetworkReply::ignoreSslErrors with the list of errors to ignore, which can enable remote attackers to perform MITM attacks against servers using s...
CVE-2016-7102
CVE-2016-7102 affects ownCloud Desktop prior to version 2.2.3. The vulnerability allows local users to execute arbitrary code and potentially gain privileges by loading a Trojan library from a specially crafted path on the C: drive, enabling code execution during startup. Root cause is the loadin...