EUVD-2024-45928

Malicious code in bioql PyPI...

EUVD-2024-45930

Malicious code in bioql PyPI...

CVE-2024-37315

CVE-2024-37315 affects Nextcloud Server; with files_versions feature enabled, an attacker with read-only access to a file can restore older document versions. Remediation per sources: upgrade Nextcloud Server to 28.0.3 or later (and 26.0.12, 27.1.7 for broader Enterprise coverage; see associated ...

CVE-2023-37469

CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue...

Design/Logic Flaw

CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue...

Design/Logic Flaw

CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as root on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in 391dd7f. This patch is part of CasaOS...

Design/Logic Flaw

CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as root on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit 705bf1f...

CVE-2023-37266

CasaOS suffers an authentication bypass via crafted JWTs in versions before 0.4.4. Unauthenticated attackers can exploit weak/random JWT handling to access features that require authentication and potentially execute commands as root on affected instances. The underlying issue is tied to inadequa...