CVE-2022-27595

An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QVPN Windo...

PT-2026-1094

Name of the Vulnerable Software and Affected Versions Qfinder Pro Mac versions prior to 7.13.0 Qsync for Mac versions prior to 5.1.5 QVPN Device Client for Mac versions prior to 2.2.8 Description A path traversal issue exists that could allow a local attacker with a user account to read the...

EUVD-2023-27470

Malicious code in bioql PyPI...

EUVD-2022-32096

Malicious code in bioql PyPI...

EUVD-2023-27471

Malicious code in bioql PyPI...

CVE-2023-23371

A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to read sensitive data via unspecified vectors. We have already fixed the vulnerability in the following...

CVE-2023-23370

An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors. We have...

CVE-2024-53694

The CVE-2024-53694 issue is a TOCTOU race condition affecting QNAP products: QVPN Device Client for Mac, Qsync for Mac, and Qfinder Pro Mac. The vulnerability could allow local attackers with user access to access otherwise unauthorized resources. Mitigation/fix: patches are available in QVPN Dev...

CVE-2024-53694 QVPN Device Client, Qsync, Qfinder Pro

A time-of-check time-of-use TOCTOU race condition vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local attackers who have gained user access to gain access to otherwise unauthorized resources. We have already fixed the vulnerability...

CVE-2024-53694 QVPN Device Client, Qsync, Qfinder Pro

A time-of-check time-of-use TOCTOU race condition vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local attackers who have gained user access to gain access to otherwise unauthorized resources. We have already fixed the vulnerability...

CVE-2022-27595

An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QVPN Windo...

CVE-2022-27595

An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QVPN Windo...

CVE-2022-27595

CVE-2022-27595 corresponds to an insecure library loading vulnerability in QNAP’s QVPN Device Client. Multiple connected sources consistently state that a local attacker who already has user access can exploit this issue to execute unauthorized code or commands on affected systems. The problem is...

CVE-2022-27595 QVPN Device Client

An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QVPN Windo...

CVE-2022-27595 QVPN Device Client

An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QVPN Windo...

QVPN Device Client 代码问题漏洞

QNAP Systems QVPN Device Client is a client software from China Weilian Technology QNAP Systems that is used to manage connections to VPN servers running on QNAP devices. A code issue vulnerability exists in QVPN Device Client that stems from an insecure library loading vulnerability that allows ...

CVE-2023-23371

A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to read sensitive data via unspecified vectors. We have already fixed the vulnerability in the following...

Design/Logic Flaw

An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors. We have...

CVE-2023-23371 QVPN Device Client

A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to read sensitive data via unspecified vectors. We have already fixed the vulnerability in the following...

CVE-2023-23371 QVPN Device Client

A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to read sensitive data via unspecified vectors. We have already fixed the vulnerability in the following...