685 matches found

Vulnrichment
added 2024/05/21 4:8 p.m., 21 views

CVE-2024-21902 QTS, QuTS hero

An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the...

CVSS 6.4, AI score 6.5, EPSS 0.00482
Exploits 0, References 1

CVE
added 2024/05/21 4:8 p.m., 94 views

CVE-2024-21902

CVE-2024-21902 affects QNAP QTS and QuTS hero systems, stemming from an incorrect permission assignment for a critical resource. The vulnerability could allow authenticated users to read or modify the resource over a network. Public details in the provided documents confirm affected products are ...

CVSS 8.1, AI score 6.6, EPSS 0.00482
Exploits 0, References 1, Affected Software 1

Cvelist
added 2024/05/21 4:8 p.m., 18 views

CVE-2024-21902 QTS, QuTS hero

An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the...

CVSS 6.4, AI score 6.3, EPSS 0.00482
Exploits 0, References 1

CVE
added 2024/05/14 10:2 a.m., 54 views

CVE-2024-30206

The CVE-2024-30206 vulnerability affects Siemens SIMATIC RTLS Locating Manager components (clients) across versions prior to 3.0.1.1. The issue is that update files are not properly checked for integrity, allowing an unauthenticated remote attacker to modify update files in transit and induce an ...

CVSS 8.8, AI score 6.8, EPSS 0.00804
Exploits 0, References 1

CVE
added 2024/04/30 12:0 a.m., 64 views

CVE-2024-22546

Affected product: TRENDnet TEW-815DAP, v1.0.2.0. Vulnerability: Command Injection via the do_setNTP function. Root cause / vector: An authenticated administrator can trigger a network-accessible command injection by sending a malicious POST request to the device. Impact (as stated): Potential for...

CVSS 6.4, AI score 6.9, EPSS 0.00211
Exploits 1, References 2, Affected Software 1

OSV
added 2024/04/26 10:15 p.m., 2 views

CVE-2024-4244

A vulnerability classified as critical was found in Tenda W9 1.0.0.74456. Affected by this vulnerability is the function fromDhcpSetSer of the file /goform/DhcpSetSer. The manipulation of the argument dhcpStartIp/dhcpEndIp/dhcpGw/dhcpMask/dhcpLeaseTime/dhcpDns1/dhcpDns2 leads to stack-based buffe...

CVSS 8.8, AI score 6.4
Exploits 0, References 4

OSV
added 2024/04/26 3:15 p.m., 1 view

CVE-2024-32766

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later...

CVSS 10, AI score 5.8, EPSS 0.02209
Exploits 0, References 1

OSV
added 2024/04/26 3:15 p.m., 3 views

CVE-2024-27124

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later...

CVSS 7.5, AI score 5.8, EPSS 0.00355
Exploits 0, References 1

OSV
added 2024/04/26 3:15 p.m., 3 views

CVE-2024-21905

An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS...

CVSS 8.2, AI score 5.8, EPSS 0.00183
Exploits 0, References 1

Cvelist
added 2024/04/26 3:1 p.m., 21 views

CVE-2023-50361 QTS, QuTS hero

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS...

CVSS 5, AI score 6.6, EPSS 0.00348
Exploits 0, References 1

CVE
added 2024/04/26 3:1 p.m., 64 views

CVE-2023-50364

CVE-2023-50364: A buffer copy without input size validation affects QNAP QTS and QuTS hero (networked, authenticated access). The issue could allow code execution by a logged-in user over the network. Fixed versions are QTS 5.1.6.2722 build 20240402 and later, and QuTS hero h5.1.6.2734 build 202...

CVSS 8.8, AI score 7.1, EPSS 0.00172
Exploits 0, References 1, Affected Software 1

CVE
added 2024/04/26 3:1 p.m., 58 views

CVE-2024-21905

CVE-2024-21905 is an integer overflow/wraparound vulnerability affecting QNAP QTS, QuTS Hero, and QuTScloud. The issue could allow an attacker to compromise the system remotely over the network. Affected/confirmed versions include QTS 5.1.3.2578 build 20231110 and later, QuTS Hero h5.1.3.2578 bui...

CVSS 8.2, AI score 7, EPSS 0.00183
Exploits 0, References 1, Affected Software 3

Cvelist
added 2024/04/26 3:0 p.m., 12 views

CVE-2024-32764 myQNAPcloud Link

A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fixed the vulnerability in the following version: myQNAPcloud...

CVSS 9.9, AI score 9.7, EPSS 0.00191
Exploits 0, References 1

Positive Technologies
added 2024/04/25 12:0 a.m., 2 views

PT-2024-3534 · Qnap · Qts +1

Name of the Vulnerable Software and Affected Versions: QTS versions prior to 5.1.6.2722 build 20240402 QuTS hero versions prior to h5.1.6.2734 build 20240414 Description: The issue is caused by a buffer copy without checking the size of the input, which may allow authenticated users to execute co...

CVSS 8.8, AI score 7.6, EPSS 0.00266
Exploits 0, References 7

RedhatCVE
added 2024/04/17 6:53 p.m., 33 views

CVE-2024-21085

A flaw was found in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Concurrency. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition...

CVSS 3.7, AI score 3.2, EPSS 0.001
Exploits 0, References 4

RedHat Linux
added 2024/04/17 11:40 a.m., 4 views

OpenJDK: C2 compilation fails with "Exceeded _node_regs array" (8317507)

A flaw was found in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalV...

CVSS 3.7, AI score 7.1, EPSS 0.00417
Exploits 0, References 5

UbuntuCve
added 2024/04/16 10:15 p.m., 29 views

CVE-2024-21109

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 7.0.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle VM VirtualBox. Successful...

CVSS 5.9, AI score 6.7, EPSS 0.00392
Exploits 0, References 2

OSV
added 2024/03/08 5:15 p.m., 1 view

CVE-2023-34980

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.5.4.2627...

CVSS 8.4, AI score 5.8
Exploits 0, References 1

Tenable Nessus
added 2024/02/15 12:0 a.m., 30 views

QNAP QTS / QuTS hero Multiple Vulnerabilities in QTS, QuTS hero (QSA-23-57)

The version of QNAP QTS / QuTS hero installed on the remote host is affected by multiple vulnerabilities as referenced in the QSA-23-57 advisory: - An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow...

CVSS 8.3, AI score 7.2, EPSS 0.93153
Exploits 5, References 3

OSV
added 2024/02/13 3:15 a.m., 4 views

CVE-2023-50358

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later...

CVSS 5.8, AI score 5.9, EPSS 0.01843
Exploits 1, References 3