Security
Headlines

Headlines Latest CVEs

Headline

GHSA-92vc-4fcw-g68q: CasaOS Command Injection vulnerability

CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue.

3 months ago

#vulnerability #git #samba #auth

CasaOS Command Injection vulnerability

High severity GitHub Reviewed Published Aug 5, 2024 to the GitHub Advisory Database • Updated Aug 5, 2024

Related news

CVE-2023-37469: CasaOS/service/connections.go at 96e92842357230098c771bc41fd3baf46189b859 · IceWhaleTech/CasaOS

CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue.

1 year ago

#vulnerability #git #samba #auth

ghsa: Latest News

GHSA-w5rq-g9r6-vrcg: @dapperduckling/keycloak-connector-server has Reflected XSS Vulnerability in Authentication Flow URL Handling

1 hour ago

GHSA-q4xm-6fjc-5f6w: sigstore-java has vulnerability with bundle verification

1 hour ago

GHSA-v7vm-rhmg-8j2r: Password Policy Bypass Vulnerability in Fides Webserver User Accept Invite API

1 hour ago

GHSA-2xcc-vm3f-m8rw: @lobehub/chat Server Side Request Forgery vulnerability

2 hours ago

GHSA-486g-47cc-8wxf: aiocpa contains credential harvesting code

20 hours ago