GCVE - cpe:2.3:a:owncloud:owncloud_desktop_client:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:owncloud:owncloud_desktop_client:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Owncloud (`7adb7c81-0e09-5084-ad84-9888a985e435`)
Product	Owncloud Desktop Client (`fca3ca57-8d6a-561d-9142-5d28dd1d2c4c`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/owncloud/client`	purl2cpe	2026-06-01 10:16:35.648376

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-44537`	vulnerable	2026-06-03 14:45:36.566570	Details available ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution. Published: 2022-01-15T20:51:25.000Z Updated: 2024-08-04T04:25:16.471Z Open on db.gcve.eu Reference links https://owncloud.com/security-advisories/cve-2021-44537/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSZNJFGM66LJONBQFYYQL4GD5XI5QO2Y/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STKTSNYBZPXBGJOCDAMCZPRXJLAYGDMO/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-28646`	vulnerable	2026-06-03 14:42:21.596244	Details available ownCloud owncloud/client before 2.7 allows DLL Injection. The desktop client loaded development plugins from certain directories when they were present. Published: 2021-02-26T14:51:57.000Z Updated: 2024-08-04T16:40:59.935Z Open on db.gcve.eu Reference links https://owncloud.com/security-advisories/feed/ https://owncloud.com/security-advisories/cve-2020-28646/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-7102`	vulnerable	2026-06-03 14:36:06.921765	Details available ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive. Published: 2017-01-23T21:00:00.000Z Updated: 2024-08-06T01:50:47.447Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/92627 https://owncloud.org/security/advisory/?id=oc-sa-2016-016	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-7298`	vulnerable	2026-06-03 14:35:08.373192	Details available ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression. Published: 2015-10-26T14:00:00.000Z Updated: 2024-08-06T07:43:46.168Z Open on db.gcve.eu Reference links https://owncloud.org/security/advisory/?id=oc-sa-2015-016	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-4456`	vulnerable	2026-06-03 14:34:51.918454	Details available ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which allows man-in-the-middle attackers to bypass the user's certificate distrust decision and obtain sensitive information by leveraging a self-signed certificate and a connection to a server using its own self-signed certificate. Published: 2015-10-26T14:00:00.000Z Updated: 2024-08-06T06:18:11.038Z Open on db.gcve.eu Reference links http://www.debian.org/security/2015/dsa-3363 https://github.com/owncloud/client/issues/3283 https://owncloud.org/security/advisory/?id=oc-sa-2015-009 http://www.securityfocus.com/bid/75354	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.