Vulnerabilities > Owncloud > Owncloud Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-20 | CVE-2021-29659 | Unspecified vulnerability in Owncloud Server 10.7.0 ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. | 6.5 |
| 2021-02-19 | CVE-2020-36252 | Use of Insufficiently Random Values vulnerability in Owncloud Server ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number. | 5.7 |
| 2020-02-17 | CVE-2015-4715 | Files or Directories Accessible to External Parties vulnerability in Owncloud The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values. | 4.9 |
| 2020-02-11 | CVE-2014-2052 | XXE vulnerability in Owncloud Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. | 9.8 |
| 2020-01-23 | CVE-2014-2050 | Cross-Site Request Forgery (CSRF) vulnerability in Owncloud Cross-site request forgery (CSRF) vulnerability in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to hijack the authentication of users for requests that reset passwords via a crafted HTTP Host header. | 6.5 |
| 2019-12-17 | CVE-2013-0202 | Cross-site Scripting vulnerability in Owncloud Server Cross-site scripting (XSS) vulnerability in ownCloud 4.5.5, 4.0.10, and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter to core/ajax/sharing.php. | 6.1 |
| 2019-11-22 | CVE-2013-0203 | Cross-site Scripting vulnerability in Owncloud Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) unspecified parameters to apps/calendar/ajax/event/new.php or (2) url parameter to apps/bookmarks/ajax/addBookmark.php. | 5.4 |
| 2016-01-08 | CVE-2016-1501 | Information Exposure vulnerability in Owncloud ownCloud Server before 8.0.9 and 8.1.x before 8.1.4 allow remote authenticated users to obtain sensitive information via unspecified vectors, which reveals the installation path in the resulting exception messages. | 4.3 |
| 2016-01-08 | CVE-2016-1500 | Information Exposure vulnerability in Owncloud ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2, when the "file_versions" application is enabled, does not properly check the return value of getOwner, which allows remote authenticated users to read the files with names starting with ".v" and belonging to a sharing user by leveraging an incoming share. | 3.1 |
| 2016-01-08 | CVE-2016-1499 | Resource Management Errors vulnerability in Owncloud ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of service (CPU consumption) via the force parameter to index.php/apps/files/ajax/scan.php. | 8.5 |