
ownCloud security policies and information

 

Want to learn more about ownCloud security capabilities?

ownCloud is the market-leading open source software for file sharing and content collaboration. Learn more about advanced security features for your file cloud set-up:

ownCloud security features

Securing your ownCloud server

For server owners, our documentation has a section with best practices and tips on securing an ownCloud server.

Tips for securing ownCloud servers

Hall of fame

People who helped make ownCloud more secure. Thank you!


Process

If you’ve discovered a security issue with ownCloud, please read our responsible disclosure guidelines and contact us at HackerOne. Your report should include at least the following three things:

  1. Product version
  2. A vulnerability description
  3. Reproduction steps

A member of the security team will confirm the vulnerability, determine its impact, and develop a fix. The fix will be applied to the master branch, tested, and packaged in the next security release. The vulnerability will be publicly announced after the release. Finally, your name will be added to the hall of fame as a thank you from the entire ownCloud community.

Responsible Disclosure Guidelines

The ownCloud community kindly requests that you comply with the following guidelines when researching and reporting security vulnerabilities:

  • Only test for vulnerabilities on your own install of ownCloud Server
  • Confirm the vulnerability applies to a supported product version
  • Share vulnerabilities in detail only with the security team
  • Allow reasonable time for a response from the security team
  • Do not publish information related to the vulnerability until ownCloud has made an announcement to the community

Out of scope

Usually, the following types of bugs are out of scope from our security program:

  • Network level vulnerabilities (e.g. DDoS)
  • Bugs on infrastructure

Supported Product Versions

ownCloud Server:

ownCloud Desktop Client:

Third-party apps

Vulnerabilities in third-party applications should also be reported to the security team. The security team is not responsible for the security of these apps, but will attempt to contact the 3rd party app maintainer and then take proper actions.

Security Advisories

Information disclosure in settings UI and API responses

Risk: medium CVSS v3 Base Score: 5.7 CVSS v3 Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N CWE ID: CWE-212 CWE Name: Improper Removal of Sensitive Information Before Storage or Transfer CVE: CVE-2022-31649 Description The settings page and some API responses of a few...


Security updates in Desktop Client

Risk: low CVSS v3 Base Score: 0 CVSS v3 Vector: CWE ID: CWE Name: CVE: CVE-2018-25032 Description Even though there are no known vulnerabilities in the ownCloud desktop client, we have updated the Qt library which includes the zlib library. This is a preventive measure...


ownCloud Android App lock bypass

Risk: low CVSS v3 Base Score: 5.3 CVSS v3 Vector: AV:P/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N CWE ID: CWE-284 CWE Name: CWE-284: Improper Access Control CVE: CVE-2022-25338 Description An attacker with physical access to the device could bypass the app lock of the ownCloud...


Missing URL validation allowed RCE on the desktop client

Risk: low CVSS v3 Base Score: 4.1 CVSS v3 Vector: AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L CWE ID: CWE-99 CWE Name: Improper Control of Resource Identifiers ('Resource Injection') CVE: CVE-2021-44537 Description A malicious server could achieve remote code execution on the...


Server Side Request Forgery (SSRF) through user_ldap app

Risk: low CVSS v3 Base Score: 4.1 CVSS v3 Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N CWE ID: CWE-918 CWE Name: Server-Side Request Forgery (SSRF) CVE: CVE-2021-40537 Description Server Side Request Forgery (SSRF) vulnerability in the settings of the user_ldap app....


Federated share recipient can increase permissions

Risk: medium CVSS v3 Base Score: 5.7 CVSS v3 Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N CWE ID: CWE-266 CWE Name: Incorrect Privilege Assignment CVE: CVE-2021-35946 Description The receiver of a federated share could update the permissions granted to the receivers of...


Shareinfo url doesn’t verify file drop permissions

Risk: low CVSS v3 Base Score: 4.3 CVSS v3 Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CWE ID: CWE-424 CWE Name: Improper Protection of Alternate Path CVE: CVE-2021-35949 Description The permission check for a file drop (upload only share) could be circumvented by...


Session fixation on public links

Risk: low CVSS v3 Base Score: 3.9 CVSS v3 Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N CWE ID: CWE-384 CWE Name: Session Fixation CVE: CVE-2021-35948 Description The session cookies were not reset after authenticating for public links. Affected core < 10.8.0 Action...


Full path and username disclosure in public links

Risk: low CVSS v3 Base Score: 4.3 CVSS v3 Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CWE ID: CWE-209 CWE Name: Generation of Error Message Containing Sensitive Information CVE: CVE-2021-35947 Description By appending certain characters to the query parameters of a...


Upload of malicious files to publicly shared folders

Risk: medium CVSS v3 Base Score: 5.4 CVSS v3 Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CWE ID: CWE-459 CWE Name: Incomplete Cleanup CVE: CVE-2021-33828 Description It was possible to upload malicious files to a public share. The malicious files were detected but...


Arbitrary code execution through admin settings

Risk: medium CVSS v3 Base Score: 6.6 CVSS v3 Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L CWE ID: CWE-78 CWE Name: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CVE: CVE-2021-33827 Description In the administration settings...


Authenticated account enumeration in sharing dialog

Risk: low CVSS v3 Base Score: 5.4 CVSS v3 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N CWE ID: CWE-200 CWE Name: Exposure of Sensitive Information to an Unauthorized Actor CVE: CVE-2021-29659 Description The sharing dialog implements a user enumeration mitigation to prevent an...


Cross Site Request Forgery in the ocs api

Risk: medium CVSS v3 Base Score: 4.3 CVSS v3 Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CWE ID: CWE-352 CWE Name: Cross-Site Request Forgery (CSRF) Description The CSRF token was not properly checked on cookie authenticated requests against the ocs api. Affected...


Missing user validation leading to information disclosure

Risk: low CVSS v3 Base Score: 3.1 CVSS v3 Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CWE ID: CWE-20 CWE Name: Improper Input Validation Description Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to...


Bypassing File Firewall (oC-SA-2020-002)

Platform: ownCloud Server Versions: n/a Date: 8/3/2020 Risk: Low CVSS v3 Base Score: 1.6 CVSS v3 Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:N CWE ID: CWE-791 CWE Name: Incomplete Filtering of Special Elements Description When a share to a folder with upload rights was...


Deleting received group share for whole group

Platform: ownCloud Server Versions: 10.2.0 Date: 2/28/2020 Risk: Low CVSS v3 Base Score: 3.5 CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N CWE ID: 385 CWE Name: Improper Privilege Management Description A group-share recipient can remove the received...


Public-Link Password-Bypass via Image-Previews

Platform: ownCloud Server Versions: 10.3 Date: 2/28/2020 Risk: Low CVSS v3 Base Score: 3.1 CVSS v3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CWE ID: 284 CWE Name: Improper Access Control Description It was possible to access the preview-image of a...


SSRF in “Add to your ownCloud” functionality

Platform: ownCloud Server Versions: 10.3, 10.3.1 Date: 2/28/2020 Risk: Low CVSS v3 Base Score: 1.3 CVSS v3 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:N CWE ID: 20 CWE Name: Improper Input Validation Description It is possible to force the ownCloud server to...


Possibility to extend internal share permissions using the API

Platform: ownCloud Server Versions: 10.0.0 Date: 7/25/2019 Risk level: High CVSS v3 Base Score: 8 (Improper Privilege Management, CWE-269) Description An attacker can extend the permission of a received subfolder share using the ocs api. Additional risk exists because...


XSS in Error Page

Platform: ownCloud Server Versions: 10.0.2 Date: 5/31/2017 Risk level: Medium CVSS v3 Base Score: 4.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) CWE: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) (CWE-79) HackerOne report:...


Share tokens for public calendars disclosed

Platform: ownCloud Server Versions: 10.0.2 Date: 5/31/2017 Risk level: Medium CVSS v3 Base Score: 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) CWE: Information Exposure Through Directory Listing (CWE-548) Description A logical error caused disclosure of valid share...


Normal user can somehow make admin to delete shared folders

Platform: ownCloud Server Versions: 10.0.2 Date: 5/31/2017 Risk level: Medium CVSS v3 Base Score: 4.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) CWE: Improper Privilege Management (CWE-269) HackerOne report: 166581 Description An attacker is logged in as a normal...


Local Code Injection

Platform: Desktop-clients Versions: 2.2.3, Date: 8/17/2016 Risk level: Medium CVSS v2 Base Score: 4.1 (AV:L/AC:M/Au:S/C:C/I:P/A:N/E:F/RL:OF/RC:C) CWE: Process Control (CWE-114) Description The ownCloud Client was vulnerable to a local code injection attack. A malicious...


Bypass of application specific PIN

Platform: Mobile Clients Versions: Android 1.9.1, Date: 4/7/2016 Risk level: Medium CVSS v3 Base Score: 5.9 (AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) CWE: Authentication Bypass Issues (CWE-592) Description The ownCloud Android application does support setting a PIN that...

