673 matches found
QNAP Systems QTS and QuTS hero Operating System Command Injection Vulnerability
QNAP QTS is a NAS operating system developed by QNAP Systems, Inc., designed for network-attached storage devices and providing data management, backup, multimedia entertainment, etc. QNAP QuTS hero is an enterprise-grade operating system developed by QNAP for its network-attached storage (NAS) devices, which ...
AVTECH IP camera Command Injection Vulnerability
AVTECH IP camera is a series of network security cameras from AVTECH. AVTECH IP camera suffers from a command injection vulnerability that originates from commands that can be injected over the network and executed without authentication...
CVE-2024-21140
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0....
AZL-50529 CVE-2024-21160 affecting package mysql for versions less than 8.0.40-1
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
FreeBSD : MySQL -- Multiple vulnerabilities (3b018063-4358-11ef-b611-84a93843eb75)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 3b018063-4358-11ef-b611-84a93843eb75 advisory. Oracle reports: 36 new security patches for Oracle MySQL. 11 of these vulnerabilities may be remotely...
CVE-2023-38370
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1, under certain configurations, could allow a user on the network to install malicious packages. IBM X-Force ID: 261197...
CentOS 8 : edk2 (CESA-2024:3017)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:3017 advisory. - EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable function, allowing a user to trigger a heap buffer overflow via a local network...
CVE-2024-27130
CVE-2024-27130 affects QNAP QTS and QuTS hero (NAS devices) with a stack-based buffer overflow in a network-facing path. The root cause, as reported in connected exploit handling, is unsafe use of strcpy in the share.cgi No_Support_ACL function, allowing remote code execution via crafted network ...
CVE-2024-27128 QTS, QuTS hero
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following version: QTS...
CVE-2024-21902 QTS, QuTS hero
An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the...
CVE-2024-21902
CVE-2024-21902 affects QNAP QTS and QuTS hero systems, stemming from an incorrect permission assignment for a critical resource. The vulnerability could allow authenticated users to read or modify the resource over a network. Public details in the provided documents confirm affected products are ...
CVE-2024-30206
The CVE-2024-30206 vulnerability affects Siemens SIMATIC RTLS Locating Manager components (clients) across versions prior to 3.0.1.1. The issue is that update files are not properly checked for integrity, allowing an unauthenticated remote attacker to modify update files in transit and induce an ...
CVE-2024-22546
Affected product: TRENDnet TEW-815DAP, v1.0.2.0. Vulnerability: Command Injection via the do_setNTP function. Root cause / vector: An authenticated administrator can trigger a network-accessible command injection by sending a malicious POST request to the device. Impact (as stated): Potential for...
CVE-2024-4244
A vulnerability classified as critical was found in Tenda W9 1.0.0.74456. Affected by this vulnerability is the function fromDhcpSetSer of the file /goform/DhcpSetSer. The manipulation of the argument dhcpStartIp/dhcpEndIp/dhcpGw/dhcpMask/dhcpLeaseTime/dhcpDns1/dhcpDns2 leads to stack-based buffe...
CVE-2024-32766
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later...
CVE-2024-27124
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later...
CVE-2024-21905
An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS...
CVE-2023-50361 QTS, QuTS hero
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS...
CVE-2023-50364
CVE-2023-50364: A buffer copy without input size validation affects QNAP QTS and QuTS hero (networked, authenticated access). The issue could allow code execution by a logged-in user over the network. Fixed versions are QTS 5.1.6.2722 build 20240402 and later, and QuTS hero h5.1.6.2734 build 202...