CVE-2023-32967 QTS, QuTScloud

An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. QTS 5.x, QuTS hero are not affected. We have already fixed the...

NVIDIA BMC Operating System Command Injection Vulnerability

NVIDIA BMC is an OpenBMC open software framework from NVIDIA. A security vulnerability exists in NVIDIA BMC, which originates from a root user that could lead to code injection via a network call, which could be exploited by an attacker to cause code execution on the operating system...

OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

DEBIAN-CVE-2022-36763

EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability...

AZL-39424 CVE-2022-36765 affecting package hvloader for versions less than 1.0.1-3

EDK2 is susceptible to a vulnerability in the CreateHob function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability...

PT-2024-1589 · Ami · Ami Megarac Sp-X

Name of the Vulnerable Software and Affected Versions: AMI MegaRAC SP-X affected versions not specified Description: The issue is related to a stack-based buffer overflow in the BMC of AMI's SPx, which can be exploited via an adjacent network. This can lead to a loss of confidentiality, integrity...

PT-2024-1584 · Ami · Ami Megarac Sp-X

Name of the Vulnerable Software and Affected Versions: AMI MegaRAC SP-X affected versions not specified Description: The issue is related to a heap memory corruption vulnerability in the BMC of AMI MegaRAC SP-X. This vulnerability can be exploited by an attacker via an adjacent network, potential...

CVE-2023-45041

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...

CVE-2023-41289

An OS command injection vulnerability has been reported to affect QcalAgent. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QcalAgent 1.1.8 and later...

Input validation

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...

Input validation

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...

CVE-2023-45041 QTS, QuTS hero

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...

CVE-2023-45041 QTS, QuTS hero

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...

CVE-2023-45039 QTS, QuTS hero

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...

QNAP Systems QTS and QuTS hero security vulnerabilities

QNAP Systems QTS and QNAP Systems QuTS hero are both products of China Weilian Technology QNAP Systems.QNAP Systems QTS is an operating system used by entry to mid-level QNAP NAS.QNAP Systems QuTS hero is an operating system. A security vulnerability exists in QNAP Systems QTS prior to version...

Remotely exploitable denial of service in Rosenpass

Affected versions of this crate did not validate the size of buffers when attempting to decode messages. This allows an attacker to trigger a panic by sending a UDP datagram with a 1 byte payload over network. This flaw was corrected by validating the size of the buffers before attempting to deco...

Command injection

An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QVR Firmwar...

QNAP Systems QTS and QuTS hero security vulnerabilities

QNAP Systems QTS and QNAP Systems QuTS hero are both products of China Weilian Technology QNAP Systems, Inc.QNAP Systems QTS is an operating system used by entry to mid-level QNAP NAS.QNAP Systems QuTS hero is an operating system. A security vulnerability exists in QTS and QuTS hero that stems fr...

QNAP Systems QVR Operating System Command Injection Vulnerability

The QNAP Systems QVR is a QNAP monitoring system control center from China Weilian Technology QNAP Systems. An operating system command injection vulnerability exists in the QNAP Systems QVR version 4.x. An attacker could exploit this vulnerability to execute commands over the network...

CVE-2023-41285 QuMagie

A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.4 and later...