Justin Aarden

**Name of the Vulnerable Software and Affected Versions** Zyxel GS1900-8 firmware version V2.70(AAHH.3) Zyxel GS1900-8HP firmware version V2.70(AAHI.3) **Description** The issue is related to a privilege escalation vulnerability that could allow an authenticated, local attacker with administrator privileges to execute system commands as 'root' on a vulnerable device via SSH. This is due to insecure privilege management in the firmware of Zyxel GS1900 series switches. An attacker could exploit this vulnerability to execute arbitrary commands and elevate their privileges to the root level. **Recommendations** For Zyxel GS1900-8 firmware version V2.70(AAHH.3), consider disabling SSH access until a patch is available. For Zyxel GS1900-8HP firmware version V2.70(AAHI.3), restrict access to system commands to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ownCloud version 10.7 **Description** The issue is related to an incorrect access control, leading to remote information disclosure. Due to a bug in the related API endpoint, an attacker can enumerate all users in a single request by entering three whitespaces. This could also cause higher than average load on a large instance. **Recommendations** For ownCloud version 10.7, consider restricting access to the affected API endpoint until a patch is available. As a temporary workaround, avoid using the API endpoint that allows user enumeration to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.