Vulnerabilities > Owncloud > Owncloud Server > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-20 | CVE-2021-29659 | Unspecified vulnerability in Owncloud Server 10.7.0: ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. | 6.5 |
2021-02-19 | CVE-2020-36252 | Use of Insufficiently Random Values vulnerability in Owncloud Server: ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number. | 5.7 |
2020-02-17 | CVE-2015-4715 | Files or Directories Accessible to External Parties vulnerability in Owncloud: The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values. | 4.9 |
2020-01-23 | CVE-2014-2050 | Cross-Site Request Forgery (CSRF) vulnerability in Owncloud: Cross-site request forgery (CSRF) vulnerability in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to hijack the authentication of users for requests that reset passwords via a crafted HTTP Host header. | 6.5 |
2019-12-17 | CVE-2013-0202 | Cross-site Scripting vulnerability in Owncloud Server: Cross-site scripting (XSS) vulnerability in ownCloud 4.5.5, 4.0.10, and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter to core/ajax/sharing.php. | 6.1 |
2019-11-22 | CVE-2013-0203 | Cross-site Scripting vulnerability in Owncloud: Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) unspecified parameters to apps/calendar/ajax/event/new.php or (2) url parameter to apps/bookmarks/ajax/addBookmark.php. | 5.4 |
2016-01-08 | CVE-2016-1501 | Information Exposure vulnerability in Owncloud: ownCloud Server before 8.0.9 and 8.1.x before 8.1.4 allows remote authenticated users to obtain sensitive information via unspecified vectors, which reveals the installation path in the resulting exception messages. | 4.3 |
2016-01-08 | CVE-2016-1498 | Cross-site Scripting vulnerability in Owncloud: Cross-site scripting (XSS) vulnerability in the OCS discovery provider component in ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a URL. | 6.1 |