Security News > 2023 > October > Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software
2023-10-17 14:37
Two critical security flaws discovered in the open-source CasaOS personal cloud software could be successfully exploited by attackers to achieve arbitrary code execution and take over susceptible systems. The vulnerabilities, tracked as CVE-2023-37265 and CVE-2023-37266, both carry a CVSS score of 9.8 out of a maximum of 10. Sonar security researcher Thomas Chauchefoin, who discovered the bugs,
News URL
https://thehackernews.com/2023/10/critical-vulnerabilities-uncovered-in.html
Related news
- Researchers Uncover Vulnerabilities in Open-Source AI and ML Models (source)
- Admins better Spring into action over latest critical open source vuln (source)
- HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
- Critical vulnerabilities persist in high-risk sectors (source)
- Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects (source)
- Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities (source)
- CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-17 | CVE-2023-37266 | Unspecified vulnerability in Icewhale Casaos CasaOS is an open-source Personal Cloud system. | 9.8 |
2023-07-17 | CVE-2023-37265 | Unspecified vulnerability in Icewhale Casaos CasaOS is an open-source Personal Cloud system. | 9.8 |