Vulnerabilities > Owncloud > Owncloud > 2.14
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-21 | CVE-2023-49105 | Improper Authentication vulnerability in Owncloud An issue was discovered in ownCloud owncloud/core before 10.13.1. | 9.8 |
| 2023-02-13 | CVE-2023-23948 | SQL Injection vulnerability in Owncloud The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. | 5.5 |
| 2023-02-13 | CVE-2023-24804 | Path Traversal vulnerability in Owncloud The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. | 4.4 |
| 2022-11-10 | CVE-2022-43679 | Unspecified vulnerability in Owncloud The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless. | 5.3 |
| 2022-06-09 | CVE-2022-31649 | Exposure of Resource to Wrong Sphere vulnerability in Owncloud ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer. | 7.5 |
| 2022-04-07 | CVE-2022-25339 | Unspecified vulnerability in Owncloud ownCloud owncloud/android 2.20 has Incorrect Access Control for local attackers. | 5.5 |
| 2022-04-07 | CVE-2022-25338 | Unspecified vulnerability in Owncloud ownCloud owncloud/android before 2.20 has Incorrect Access Control for physically proximate attackers. low complexity owncloud | 6.8 |
| 2021-09-07 | CVE-2021-35946 | Improper Privilege Management vulnerability in Owncloud A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and therefore elevate their own permissions. | 9.8 |
| 2021-09-07 | CVE-2021-35948 | Session Fixation vulnerability in Owncloud Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the password protection when they can force a target client to use a controlled cookie. | 5.4 |
| 2021-09-07 | CVE-2021-35947 | Information Exposure Through an Error Message vulnerability in Owncloud The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker to see the internal path and the username of a public share by including invalid characters in the URL. | 5.3 |