Approved changes feed: RSS · Atom
cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:android:*:*
part: a version: * update: *
| Vendor | Owncloud (7adb7c81-0e09-5084-ad84-9888a985e435) |
|---|---|
| Product | Owncloud (0271b5cd-a422-50b1-98fd-dfe8bea7189b) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | android |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/owncloud/core |
purl2cpe | 2026-06-01 10:16:35.628418 |
pkg:rpm/fedora/owncloud |
purl2cpe | 2026-06-01 10:16:35.628419 |
pkg:rpm/opensuse/owncloud |
purl2cpe | 2026-06-01 10:16:35.628421 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-24804 |
vulnerable | 2026-06-08 05:56:06.255036 |
ownCloud Android app vulnerable to Path Traversal
MEDIUM (5)
The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Prior to version 3.0, the app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. The bypasses may lead to information disclosure when uploading the app’s internal files, and to arbitrary file write when uploading plain text files (although limited by the .txt extension). Version 3.0 fixes the reported bypasses.
Published: 2023-02-13T16:28:43.705Z
Updated: 2025-03-10T21:13:09.851Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-23948 |
vulnerable | 2026-06-08 05:56:04.884483 |
ownCloud Android app vulnerable to SQL Injection
MEDIUM (6.2)
The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Version 2.21.1 of the ownCloud Android app is vulnerable to SQL injection in `FileContentProvider.kt`. This issue can lead to information disclosure. Two databases, `filelist` and `owncloud_database`, are affected. In version 3.0, the `filelist` database was deprecated. However, injections affecting `owncloud_database` remain relevant as of version 3.0.
Published: 2023-02-13T16:30:18.434Z
Updated: 2025-03-10T21:13:02.126Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-25339 |
vulnerable | 2026-06-08 05:41:45.752280 |
Details available
ownCloud owncloud/android 2.20 has Incorrect Access Control for local attackers.
Published: 2022-04-07T14:21:22.000Z
Updated: 2024-08-03T04:36:06.919Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-25338 |
vulnerable | 2026-06-08 05:41:45.750755 |
Details available
ownCloud owncloud/android before 2.20 has Incorrect Access Control for physically proximate attackers.
Published: 2022-04-07T14:01:39.000Z
Updated: 2024-08-03T04:36:06.775Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-36250 |
vulnerable | 2026-06-08 05:25:02.907811 |
Details available
MEDIUM (6.1)
In the ownCloud application before 2.15 for Android, the lock protection mechanism can be bypassed by moving the system date/time into the past.
Published: 2021-02-19T07:00:17.000Z
Updated: 2024-08-04T17:23:09.869Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-36248 |
vulnerable | 2026-06-08 05:25:02.905234 |
Details available
LOW (3.9)
The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive.
Published: 2021-02-19T07:00:50.000Z
Updated: 2024-08-04T17:23:09.913Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.