CyberSec.Space Logo
返回 CVE 浏览器

CVE-2014-2052

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0030%
EPSS Percentile38.78th
Published2020年2月11日
Last Modified2025年3月31日

Vulnerability Description

Zend Framework, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.

Affected Platforms (CPE)

📦
Owncloud

Owncloud

< 5.0.15
📦
Owncloud

Owncloud Server

>= 6.0.0 and < 6.0.2

References & Advisories

🔗 http://owncloud.org/about/security/advisories/oC-SA-2014-006/
🔗 https://owncloud.org/security/advisories/xxe-multiple-third-party-components/
🔗 https://www.securityfocus.com/bid/66222
🔗 http://owncloud.org/about/security/advisories/oC-SA-2014-006/
🔗 https://owncloud.org/security/advisories/xxe-multiple-third-party-components/
🔗 https://www.securityfocus.com/bid/66222

相关漏洞威胁

CVE-2015-471610.0

Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on...

CVE-2019-253379.8

OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulatin...

CVE-2021-359469.8

A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and the...

CVE-2014-20489.8

The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID imp...