CVE-2023-49103 is a CISA Known Exploited Vulnerabilities entry affecting ownCloud graphapi. The public records provided here describe it as an information disclosure vulnerability, and CISA’s note points to vendor guidance about disclosure of sensitive credentials and configuration in containerized deployments. Because CISA added it to KEV on 2023-11-30 with a remediation due date of 2023-12-21, defenders [truncated]
CVE-2017-5867 describes a denial-of-service issue in ownCloud Server where a remote authenticated user can trigger a server hang and logfile flooding by uploading or processing a one-bit BMP file. The issue affects multiple ownCloud release lines and is addressed by vendor-fixed versions.
CVE-2017-5866 is a low-severity information disclosure issue in ownCloud Server’s E-Mail share dialog autocomplete feature. The flaw affects specific ownCloud releases before the vendor’s fixed versions and allows a remote authenticated user to obtain sensitive information. The NVD assigns CVSS 3.0 vector AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N, reflecting limited confidentiality impact with no integrity or a [truncated]
CVE-2017-5865 is an information-disclosure issue in ownCloud Server's password-reset flow. In affected versions, the application returned different error messages depending on whether a username was valid, which let remote attackers enumerate user names by repeatedly attempting password resets. The fix is to move to a patched release and ensure the reset flow does not reveal account existence through its responses.
CVE-2016-7102 describes a local code execution issue in ownCloud Desktop before version 2.2.3. According to the CVE/NVD record, a malicious library placed in a special path on the C: drive could be loaded, allowing arbitrary code execution by a local user and possibly privilege gain.
CVE-2016-5876 affects ownCloud server installations when the gallery app is enabled. The issue allows a remote attacker to download arbitrary images through a direct request. NVD rates the weakness as Medium severity (CVSS 5.9), with a network attack vector, no privileges required, and no user interaction.