Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses
Filter by:
With package: owncloud-client

Found 2 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2013-0202
created 2 months ago Activity log
  • Created suggestion 2 months ago
Cross-site scripting (XSS) vulnerability in ownCloud 4.5.5, 4.0.10, and earlier …

Cross-site scripting (XSS) vulnerability in ownCloud 4.5.5, 4.0.10, and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter to core/ajax/sharing.php.

Affected products

ownCloud
  • ==4.0.10
  • ==4.5.5
  • ==and earlier

Matching in nixpkgs

pkgs.owncloud-client

Synchronise your ownCloud with your computer using this desktop client

Package maintainers

Untriaged
Permalink CVE-2019-25337
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
created 2 months, 1 week ago Activity log
  • Created suggestion 2 months, 1 week ago
OwnCloud 8.1.8 - Username Disclosure

OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endpoint. Attackers can send crafted GET requests to /index.php/core/ajax/share.php with a wildcard search parameter to retrieve comprehensive user information.

Affected products

OwnCloud
  • ==8.1.8

Matching in nixpkgs

pkgs.owncloud-client

Synchronise your ownCloud with your computer using this desktop client

Package maintainers