Qnap QTS Heap-based Buffer Overflow (CVE-2023-50364)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS...
Qnap QTS Cross-site Scripting (CVE-2018-0716)
Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject JavaScript code in the compromised application. This plugin only works with...
SUSE Linux Enterprise Server For SAP SEoL (12.1.x)
According to its version, SUSE Linux Enterprise Server For SAP is 12.1.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities...
Qnap QTS Cross-site Scripting (CVE-2018-0719)
Cross-site scripting (XSS) vulnerability in NAS devices of QNAP Systems Inc. QTS allows attackers to inject JavaScript. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions ...
Ivanti Avalanche < 6.4.5 Multiple Vulnerabilities
The version of Ivanti Avalanche running on the remote host is prior to 6.4.5. It is, therefore, affected by multiple vulnerabilities: - A NULL pointer dereference in WLAvalancheService allows a remote unauthenticated attacker to crash the service. CVE-2024-47007 - Server-side request forgery...
RHEL 8 / 9 : java-11-openjdk (RHSA-2024:8121)
The remote Red Hat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:8121 advisory. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security...
Qnap QTS SQL Injection (CVE-2023-47568)
A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 2024011...
Amazon Corretto Java 8.x < 8.432.06.1 Multiple Vulnerabilities
The version of Amazon Corretto installed on the remote host is prior to 8 8.432.06.1. It is, therefore, affected by multiple vulnerabilities as referenced in the corretto-8-2024-Oct-15 advisory. - core-libs/java.net CVE-2024-21208 - hotspot/compiler CVE-2024-21210, CVE-2024-21235 -...
Qnap QTS OS Command Injection (CVE-2017-6361)
QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.
Qnap QTS Command Injection (CVE-2018-14746)
Command Injection vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to run arbitrary commands on the NAS. This plugin only works with Tenable.ot. Please visit...
Qnap Multiple Vulnerabilities in QTS, QuTS hero and QuTScloud (CVE-2023-47218)
Multiple vulnerabilities have been reported to affect several QNAP operating system versions. If exploited, the OS command injection vulnerabilities could allow users to execute commands via a network. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-o...
Qnap QTS OS Command Injection (CVE-2023-23367)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376...
Qnap QES Use of Hard-coded Credentials (CVE-2020-2499)
A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could allow attackers to log in with a hard-coded password. QNAP has already fixed the issue in QES 2.1.1 Build 20200515 and later. This plugin only works with Tenable.ot...
SUSE Linux Enterprise Server For SAP SEoL (12.2.x)
According to its version, SUSE Linux Enterprise Server For SAP is 12.2.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities...
Qnap QTS Link Following (CVE-2019-7183)
This improper link resolution vulnerability allows remote attackers to access system files. To fix this vulnerability, QNAP recommend updating QTS to their latest versions. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
Qnap QTS Cross-site Scripting (CVE-2017-13072)
Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and their earlier versions could allow remote attackers to inject JavaScript code. This plugin only works with Tenable.ot. Please visit...
Qnap QTS Incorrect Authorization (CVE-2018-14748)
Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to power off the NAS. This plugin only works with Tenable.ot. Please visit...
Qnap QTS OS Command Injection (CVE-2024-21898)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build...
Qnap QTS Out-of-bounds Write (CVE-2023-32973)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...
Qnap QTS OS Command Injection (CVE-2024-21906)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823...