CVE-2021-44537
https://notcve.org/view.php?id=CVE-2021-44537
ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution.
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STKTSNYBZPXBGJOCDAMCZPRXJLAYGDMO
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TSZNJFGM66LJONBQFYYQL4GD5XI5QO2Y
https://owncloud.com/security-advisories/cve-2021-44537
CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2020-28646
https://notcve.org/view.php?id=CVE-2020-28646
ownCloud owncloud/client before 2.7 allows DLL Injection. The desktop client loaded development plugins from certain directories when they were present.
https://owncloud.com/security-advisories/cve-2020-28646
https://owncloud.com/security-advisories/feed
CWE-427: Uncontrolled Search Path Element
CVE-2016-7102
https://notcve.org/view.php?id=CVE-2016-7102
ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive.
http://www.securityfocus.com/bid/92627
https://owncloud.org/security/advisory/?id=oc-sa-2016-016
CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2015-7298
https://notcve.org/view.php?id=CVE-2015-7298
ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression.
https://owncloud.org/security/advisory/?id=oc-sa-2015-016
CVE-2015-4456
https://notcve.org/view.php?id=CVE-2015-4456
ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which allows man-in-the-middle attackers to bypass the user's certificate distrust decision and obtain sensitive information by leveraging a self-signed certificate and a connection to a server using its own self-signed certificate.
http://www.debian.org/security/2015/dsa-3363
http://www.securityfocus.com/bid/75354
https://github.com/owncloud/client/issues/3283
https://owncloud.org/security/advisory/?id=oc-sa-2015-009