Vulnerabilities > Owncloud > Owncloud > 2.15
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-07 | CVE-2021-35949 | Incorrect Authorization vulnerability in Owncloud The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload only shares and list metadata about the share. | 5.0 |
| 2021-02-19 | CVE-2020-36251 | Improper Privilege Management vulnerability in Owncloud ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else's access to that share. | 4.0 |
| 2021-02-19 | CVE-2020-10254 | Improper Authentication vulnerability in Owncloud An issue was discovered in ownCloud before 10.4. | 4.3 |
| 2021-02-19 | CVE-2020-10252 | Server-Side Request Forgery (SSRF) vulnerability in Owncloud An issue was discovered in ownCloud before 10.4. | 6.5 |
| 2017-07-17 | CVE-2017-9340 | Unspecified vulnerability in Owncloud An attacker is logged in as a normal user and can somehow make admin to delete shared folders in ownCloud Server before 10.0.2. | 4.0 |
| 2017-07-17 | CVE-2017-9339 | Unspecified vulnerability in Owncloud A logical error in ownCloud Server before 10.0.2 caused disclosure of valid share tokens for public calendars. | 5.0 |
| 2017-07-17 | CVE-2017-9338 | Cross-site Scripting vulnerability in Owncloud Inadequate escaping lead to XSS vulnerability in the search module in ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2. | 3.5 |