Vulnerabilities > Owncloud > Owncloud
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-07 | CVE-2021-35949 | Incorrect Authorization vulnerability in Owncloud The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload only shares and list metadata about the share. | 5.0 |
| 2021-05-20 | CVE-2021-29659 | Unspecified vulnerability in Owncloud 10.7.0 ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. | 4.0 |
| 2021-02-19 | CVE-2020-36248 | Cleartext Storage of Sensitive Information vulnerability in Owncloud The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive. | 2.1 |
| 2021-02-19 | CVE-2020-36252 | Exposure of Resource to Wrong Sphere vulnerability in Owncloud ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number. | 2.7 |
| 2021-02-19 | CVE-2020-36251 | Improper Privilege Management vulnerability in Owncloud ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else's access to that share. | 4.0 |
| 2021-02-19 | CVE-2020-36250 | Inadequate Encryption Strength vulnerability in Owncloud In the ownCloud application before 2.15 for Android, the lock protection mechanism can be bypassed by moving the system date/time into the past. | 2.1 |
| 2021-02-19 | CVE-2020-10254 | Improper Authentication vulnerability in Owncloud An issue was discovered in ownCloud before 10.4. | 4.3 |
| 2021-02-19 | CVE-2020-10252 | Server-Side Request Forgery (SSRF) vulnerability in Owncloud An issue was discovered in ownCloud before 10.4. | 6.5 |
| 2021-02-09 | CVE-2020-28645 | Improper Input Validation vulnerability in Owncloud Deleting users with certain names caused system files to be deleted. | 5.0 |
| 2021-02-09 | CVE-2020-28644 | Cross-Site Request Forgery (CSRF) vulnerability in Owncloud The CSRF (Cross Site Request Forgery) token check was improperly implemented on cookie authenticated requests against some ocs API endpoints. | 4.3 |