Vulnerabilities > Owncloud > Owncloud > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-21 | CVE-2023-49105 | Improper Authentication vulnerability in Owncloud An issue was discovered in ownCloud owncloud/core before 10.13.1. | 9.8 |
| 2021-09-07 | CVE-2021-35946 | Improper Privilege Management vulnerability in Owncloud A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and therefore elevate their own permissions. | 9.8 |
| 2021-02-09 | CVE-2020-28645 | Improper Input Validation vulnerability in Owncloud Deleting users with certain names caused system files to be deleted. | 9.1 |
| 2020-02-11 | CVE-2014-2052 | XXE vulnerability in Owncloud Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. | 9.8 |
| 2018-03-26 | CVE-2014-2048 | Improper Access Control vulnerability in Owncloud The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID implementation. | 9.8 |