SUSE Linux Enterprise Server For SAP SEoL (12.0.x)

According to its version, SUSE Linux Enterprise Server For SAP is 12.0.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities...

Qnap QTS Command Injection (CVE-2023-45025)

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later...

SUSE Linux Enterprise Server For SAP SEoL (11.4.x)

According to its version, SUSE Linux Enterprise Server For SAP is 11.4.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities...

Qnap QTS NULL Pointer Dereference (CVE-2023-41274)

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service DoS attack via a network. We have already fixed the vulnerability in the following...

Qnap QTS Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2017-17030)

A buffer overflow vulnerability in login function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 Beta 2 build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices. This plugin only works with Tenable.ot. Please visit...

Qnap QTS Stack-based Buffer Overflow (CVE-2023-50361)

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS...

Qnap QTS and myQNAPcloud SQL Injection (CVE-2024-21901)

A SQL injection vulnerability has been reported to affect myQNAPcloud. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: myQNAPcloud 1.0.52 2023/11/24 and later QTS...

SUSE Linux Enterprise Server For SAP SEoL (15.1.x)

According to its version, SUSE Linux Enterprise Server For SAP is 15.1.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities...

Qnap QTS Out-of-bounds Read (CVE-2022-27598)

A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP QVR Pro appliances...

Fedora 40 : pdns-recursor (2024-af0bf62ac6)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-af0bf62ac6 advisory. Update to latest upstream Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

Qnap QTS Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2018-0721)

Buffer Overflow vulnerability in NAS devices. QTS allows attackers to run arbitrary code. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions on build 20180710. This plug...

Qnap QTS Classic Buffer Overflow (CVE-2024-27128)

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following version: QTS...

SUSE Linux Enterprise Server For SAP SEoL (15.5.x)

According to its version, SUSE Linux Enterprise Server For SAP is 15.5.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities...

Qnap QTS Command Injection (CVE-2020-2492)

If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot...

Qnap QTS Cleartext Transmission of Sensitive Information (CVE-2023-34972)

A cleartext transmission of sensitive information vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to read the contents of unexpected sensitive data via unspecified vectors. We have already fixed the...

Ubuntu 14.04 LTS : Vim vulnerability (USN-7048-2)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7048-2 advisory. USN-7048-1 fixed a vulnerability in Vim. This update provides the corresponding update for Ubuntu 14.04 LTS. Tenable has extracted the preceding description block...

Qnap QTS OS Command Injection (CVE-2021-28802)

A command injection vulnerabilities have been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.1.1540 build 20210107. QNAP Systems Inc...

Amazon Corretto Java 17.x < 17.0.13.11.1 Multiple Vulnerabilities

The version of Amazon Corretto installed on the remote host is prior to 17 17.0.13.11.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-17-2024-Oct-15 advisory. - core-libs/java.net CVE-2024-21208 - hotspot/compiler CVE-2024-21210, CVE-2024-21235 -...

Qnap QTS OS Command Injection (CVE-2023-47567)

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645...

Qnap QTS OS Command Injection (CVE-2023-23362)

An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability allows remote authenticated users to execute commands via susceptible QNAP devices. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build...