Lucene search
+L

146 matches found

NVD
NVD
added 2023/08/24 11:15 p.m.18 views

CVE-2023-37469

CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue...

8.8CVSS8.9AI score0.0127EPSS
Exploits1References5
Prion
Prion
added 2023/08/24 11:15 p.m.93 views

Design/Logic Flaw

CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue...

6.5CVSS8.8AI score0.0127EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2023/08/24 10:12 p.m.75 views

CVE-2023-37469

CVE-2023-37469 is a CasaOS Command Injection vulnerability that affects versions prior to 0.4.4. An authenticated CasaOS user who can connect to a controlled SMB server can execute arbitrary commands on the system. The CVSS v3.1 base score is 8.8 (HIGH) with network access, low attack complexity,...

8.8CVSS8.8AI score0.0127EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2023/08/24 10:12 p.m.31 views

CVE-2023-37469 CasaOS Command Injection vulnerability

CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue...

8.8CVSS9AI score0.0127EPSS
Exploits1References5
OSV
OSV
added 2023/08/24 10:12 p.m.5 views

CVE-2023-37469 CasaOS Command Injection vulnerability

CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue...

8.8CVSS7.3AI score0.0127EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2023/08/24 10:12 p.m.15 views

CVE-2023-37469 CasaOS Command Injection vulnerability

CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue...

8.8CVSS8.8AI score0.0127EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/08/24 12:0 a.m.1 views

PT-2023-25981 · Casaos · Casaos

Name of the Vulnerable Software and Affected Versions: CasaOS versions prior to 0.4.4 Description: CasaOS is an open-source personal cloud system. If an authenticated user is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Recommendations: For...

9.3CVSS7.7AI score0.0127EPSS
Exploits1References12
CNNVD
CNNVD
added 2023/08/24 12:0 a.m.4 views

CasaOS 命令注入漏洞

CasaOS is a simple, easy-to-use, and elegant open source home cloud system. A command injection vulnerability exists in CasaOS versions prior to 0.4.4 that originates from allowing an authenticated attacker to connect to an SMB server to execute arbitrary commands...

8.8CVSS8.3AI score0.0127EPSS
Exploits1References7
Veracode
Veracode
added 2023/07/19 2:28 a.m.18 views

Lack Of IP Address Verification

github.com/IceWhaleTech/CasaOS-Gateway is vulnerable to Lack Of IP Address Verification. The vulnerability exists because the gatewayroute.go incorrectly checks the source of an IP, which allows an attacker to inject and execute malicious commands as root on a CasaOS instance...

9.8CVSS7.2AI score0.07356EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2023/07/19 2:8 a.m.21 views

Weak JWT Secrets

github.com/IceWhaleTech/CasaOS is vulnerable to Weak JWT Secrets. The vulnerability exists because the InitV1Router function of v1.go and InitV2Router function of v2.go does not properly validate the JWT tokens, which allows an attacker to send maliciously crafted JWTs and access the features tha...

9.8CVSS7.7AI score0.06789EPSS
Exploits1References4Affected Software1
CNVD
CNVD
added 2023/07/19 12:0 a.m.15 views

IBM DB2 is a relational database management system from International Business Machines (IBM). The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM Db2, which can be exploited by an attacker to cause a denial of service.

CasaOS is a simple, easy-to-use and elegant open source home cloud system. An Access Control Error vulnerability exists in CasaOS versions prior to 0.4.4 that stems from a lack of authenticated IP addresses. An attacker can exploit the vulnerability to execute arbitrary commands as root...

9.8CVSS7.5AI score0.07356EPSS
Exploits1References1
CNVD
CNVD
added 2023/07/19 12:0 a.m.119 views

CasaOS Encryption Issues Vulnerabilities

CasaOS is a simple, easy-to-use and elegant open source home cloud system. A cryptographic issue vulnerability exists in versions of CasaOS prior to 0.4.4. The vulnerability stems from a poor choice of JWT algorithm and can be exploited by an attacker to craft arbitrary JWTs and access functions...

9.8CVSS7.4AI score0.06789EPSS
Exploits1References1
NVD
NVD
added 2023/07/17 9:15 p.m.79 views

CVE-2023-37266

CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as root on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit 705bf1f...

9.8CVSS0.06789EPSS
Exploits1References3
NVD
NVD
added 2023/07/17 9:15 p.m.26 views

CVE-2023-37265

CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as root on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in 391dd7f. This patch is part of CasaOS...

9.8CVSS0.07356EPSS
Exploits1References3
Prion
Prion
added 2023/07/17 9:15 p.m.20 views

Design/Logic Flaw

CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as root on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit 705bf1f...

7.5CVSS9.8AI score0.06789EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2023/07/17 9:15 p.m.24 views

Design/Logic Flaw

CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as root on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in 391dd7f. This patch is part of CasaOS...

7.5CVSS9.7AI score0.07356EPSS
Exploits1References2Affected Software2
Vulnrichment
Vulnrichment
added 2023/07/17 8:59 p.m.14 views

CVE-2023-37265 Incorrect identification of source IP addresses in CasaOS

CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as root on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in 391dd7f. This patch is part of CasaOS...

9.8CVSS9.8AI score0.07356EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/07/17 8:59 p.m.31 views

CVE-2023-37265 Incorrect identification of source IP addresses in CasaOS

CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as root on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in 391dd7f. This patch is part of CasaOS...

9.8CVSS9.9AI score0.07356EPSS
Exploits1References3
CVE
CVE
added 2023/07/17 8:59 p.m.151 views

CVE-2023-37265

CVE-2023-37265 concerns CasaOS: an authentication bypass via incorrect handling of internal IP addresses in the CasaOS Gateway. The flaw allows an unauthenticated attacker to execute commands with root privileges on CasaOS instances due to IP verification weaknesses. Affected are versions prior t...

9.8CVSS9.7AI score0.07356EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2023/07/17 8:59 p.m.26 views

CVE-2023-37265 Incorrect identification of source IP addresses in CasaOS

CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as root on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in 391dd7f. This patch is part of CasaOS...

9.8CVSS9.7AI score0.07356EPSS
Exploits1References5
Rows per page
Query Builder