Vulnerabilities > Owncloud > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-11-21 CVE-2023-49105 Improper Authentication vulnerability in Owncloud
An issue was discovered in ownCloud owncloud/core before 10.13.1.
network
low complexity
owncloud CWE-287
critical
9.8
2021-09-07 CVE-2021-35946 Improper Privilege Management vulnerability in Owncloud
A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and therefore elevate their own permissions.
network
low complexity
owncloud CWE-269
critical
9.8
2021-02-09 CVE-2020-28645 Improper Input Validation vulnerability in Owncloud
Deleting users with certain names caused system files to be deleted.
network
low complexity
owncloud CWE-20
critical
9.1
2020-02-11 CVE-2014-2052 XXE vulnerability in Owncloud
Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
network
low complexity
owncloud CWE-611
critical
9.8
2018-03-26 CVE-2014-2048 Improper Access Control vulnerability in Owncloud
The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID implementation.
network
low complexity
owncloud CWE-284
critical
9.8