CVE-2021-3339
ModernFlow before 1.3.00.208 does not constrain web-page access to members of a security group, as demonstrated by the Search Screen and the Profile Screen.
Source: CVE-2021-3339
[월:] 2021년 02월
CVE-2020-36250
CVE-2020-36250
In the ownCloud application before 2.15 for Android, the lock protection mechanism can be bypassed by moving the system date/time into the past.
Source: CVE-2020-36250
CVE-2020-10252
CVE-2020-10252
An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (aka Blind SSRF) or conduct a Denial Of Service attack.
Source: CVE-2020-10252
CVE-2020-36249
CVE-2020-36249
The File Firewall before 2.8.0 for ownCloud Server does not properly enforce file-type restrictions for public shares.
Source: CVE-2020-36249
CVE-2020-36251
CVE-2020-36251
ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else’s access to that share.
Source: CVE-2020-36251
CVE-2020-36252
CVE-2020-36252
ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number.
Source: CVE-2020-36252
CVE-2020-10254
CVE-2020-10254
An issue was discovered in ownCloud before 10.4. An attacker can bypass authentication on a password-protected image by displaying its preview.
Source: CVE-2020-10254
CVE-2020-36247
CVE-2020-36247
Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF.
Source: CVE-2020-36247
CVE-2020-24908
CVE-2020-24908
Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%checkmkagentlocal directory.
Source: CVE-2020-24908
CVE-2020-36246
CVE-2020-36246
Amaze File Manager before 3.5.1 allows attackers to obtain root privileges via shell metacharacters in a symbolic link.
Source: CVE-2020-36246