Vulnerabilities > Owncloud > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-21 | CVE-2023-49103 | Unspecified vulnerability in Owncloud Graph API 0.2.0/0.3.0 An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. | 7.5 |
| 2022-06-09 | CVE-2022-31649 | Exposure of Resource to Wrong Sphere vulnerability in Owncloud ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer. | 7.5 |
| 2022-01-15 | CVE-2021-44537 | Injection vulnerability in multiple products ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution. | 7.8 |
| 2021-09-07 | CVE-2021-35946 | Improper Privilege Management vulnerability in Owncloud A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and therefore elevate their own permissions. | 7.5 |
| 2021-02-19 | CVE-2020-36249 | Unspecified vulnerability in Owncloud File Firewall The File Firewall before 2.8.0 for ownCloud Server does not properly enforce file-type restrictions for public shares. | 7.5 |
| 2020-02-11 | CVE-2014-2052 | XXE vulnerability in Owncloud Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. | 7.5 |
| 2018-03-26 | CVE-2014-2048 | Improper Access Control vulnerability in Owncloud The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID implementation. | 7.5 |
| 2016-01-08 | CVE-2016-1499 | Resource Management Errors vulnerability in Owncloud ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of service (CPU consumption) via the force parameter to index.php/apps/files/ajax/scan.php. | 7.5 |
| 2015-10-26 | CVE-2015-6500 | Path Traversal vulnerability in Owncloud Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. | 7.5 |
| 2015-10-21 | CVE-2015-4717 | Resource Management Errors vulnerability in Owncloud The filename sanitization component in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 does not properly handle $_GET parameters cast by PHP to an array, which allows remote attackers to cause a denial of service (infinite loop and log file consumption) via crafted endpoint file names. | 7.8 |