Design/Logic Flaw
CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as root on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit 705bf1f...
CVE-2023-37266
CasaOS suffers an authentication bypass via crafted JWTs in versions before 0.4.4. Unauthenticated attackers can exploit weak/random JWT handling to access features that require authentication and potentially execute commands as root on affected instances. The underlying issue is tied to inadequa...
The vulnerability in the implementation of the SSLContext class in My Cloud OS operating systems allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the SSLContext class implementation in My Cloud OS networking storage operating systems is related to the choice of a less secure algorithm during negotiation processes. Exploiting this vulnerability can allow attackers to compromise the confidentiality, integrity, and...
CVE-2021-43019 Adobe Creative Cloud Incorrect Permission Assignment Privilege Escalation Vulnerability
Adobe Creative Cloud versions 5.5 and earlier are affected by a privilege escalation vulnerability in the resources leveraged by the Setup.exe service. An unauthenticated attacker could leverage this vulnerability to remove files and escalate privileges under the context of SYSTEM. An attacker mu...
General Overview of Vulnerability Management
In a world where most companies take nearly six months to detect a data breach, establishing a comprehensive and continuous process for identifying, classifying, mitigating and preventing security vulnerabilities within an organization can help prevent current cybersecurity challenges...
Soar Cloud System Access Control Error Vulnerability
Soar Cloud System is an HR system solution developed by Soar. The Soar Cloud System HR Portal has an access control error that allows remote attackers, while obtaining a user ID, to access sensitive data (e.g., a user's login information) through specific packets, thus preventing the login function...
Soar Cloud System SQL Injection Vulnerability
Soar Cloud System is an HR system solution developed by Soar. The Soar Cloud System HR portal suffers from a SQL injection vulnerability that stems from not filtering SQL injection statements, which allows a remote attacker to inject SQL syntax and obtain all data in the database without...
CVE-2021-22853
The HR Portal of Soar Cloud System fails to manage access control. While obtaining a user ID, remote attackers can access sensitive data via a specific data packet, such as a user’s login information, further causing the login function not to work...
CVE-2021-22854
The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege...
CVE-2021-22855
The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands...
Command injection
The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands...
Privilege escalation
The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege...
CVE-2021-22854
The CVE-2021-22854 entry concerns the Soar Cloud System HR Portal, where input parameter filtering failures enable an SQL injection in the HR portal. The root cause is inadequate validation of parameters, allowing remote attackers to inject SQL syntax and retrieve all database data without privil...
CVE-2021-22855 Soar Cloud System Co., Ltd. HR Portal - Arbitrary Code Execution
The specific function of HR Portal of Soar Cloud System accepts any type of object to be deserialized. Attackers can send malicious serialized objects to execute arbitrary commands...
CVE-2021-22854 Soar Cloud System Co., Ltd. HR Portal - SQL Injection
The HR Portal of Soar Cloud System fails to filter specific parameters. Remote attackers can inject SQL syntax and obtain all data in the database without privilege...
CVE-2021-22855
CVE-2021-22855 affects the HR Portal of Soar Cloud System, where the deserialization function accepts any object type, enabling execution of arbitrary commands. According to NVD data, this is a remote, high-severity issue (CVSS v3.1: 9.8, CRITICAL; CVSS v2.0: 7.5, HIGH) with network access, low a...
CVE-2021-22853
CVE-2021-22853 affects the Soar Cloud System HR Portal. The vulnerability is a broken access control that, when obtaining a user ID, allows remote attackers to access sensitive data via a specific data packet (for example, user login information) and can cause the login function to fail. The docu...