Qnap QTS Path Traversal (CVE-2023-45026)
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in...
Qnap QTS OS Command Injection (CVE-2023-47567)
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645...
Qnap QTS OS Command Injection (CVE-2021-28802)
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.1.1540 build 20210107. QNAP Systems Inc...
Qnap QTS Cross-site Scripting (CVE-2018-19943)
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later QTS 4.4.1.1261 build 20200330 and later QTS 4.3.6.1263 build 20200330 and later Q...
Qnap QTS Command Injection (CVE-2020-2490)
If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot...
Qnap QTS Exposure of Sensitive Information to an Unauthorized Actor (CVE-2017-7630)
QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to obtain potentially sensitive information (firmware version and running services) via a request to sysinfoReq.cgi. This plugin only works with Tenable.ot. Please visit...
Qnap QTS NULL Pointer Dereference (CVE-2018-14747)
NULL Pointer Dereference vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to crash the NAS media server. This plugin only works with Tenable.ot. Please visit...
Qnap QTS Incorrect Permission Assignment for Critical Resource (CVE-2024-21902)
An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the...
SUSE SLES15 / openSUSE 15 Security Update : keepalived (SUSE-SU-2024:3634-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:3634-1 advisory. - CVE-2024-41184: Fixed integer overflow in vrrpipsetshandler bsc1228123 Tenable has extracted the preceding description block directly fr...
Fedora 39 : pdns-recursor (2024-08a6626c11)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-08a6626c11 advisory. Update to latest upstream Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...
OpenSSL 3.2.0 < 3.2.4 Vulnerability
The version of OpenSSL installed on the remote host is prior to 3.2.4. It is, therefore, affected by a vulnerability as referenced in the 3.2.4 advisory. - Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-boun...
Qnap QTS Cross-site Scripting (CVE-2023-50366)
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS...
Qnap QTS Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2017-17033)
A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 Beta 2 build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices. This plugin only works with Tenable.ot. Please visit...
Qnap QuTS hero Cross-site Scripting (CVE-2020-2498)
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in certificate configuration. QNAP has already fixed these vulnerabilities in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 bui...
SUSE Linux Enterprise Server For SAP SEoL (11.1.x)
According to its version, SUSE Linux Enterprise Server For SAP is 11.1.x. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities...
Qnap QTS Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2017-17032)
A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 Beta 2 build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices. This plugin only works with Tenable.ot. Please visit...
Qnap QTS Exposure of Sensitive Information to an Unauthorized Actor (CVE-2017-5227)
QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by reading data in an XOR format within the /etc/config/uLinux.conf configuration file. This plugin only works with Tenable.ot. Please visit...
Qnap QTS OS Command Injection (CVE-2023-39300)
An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2805 build 20240619 and later QTS...
Qnap QTS Injection (CVE-2024-21900)
An injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and...
Qnap QTS OS Command Injection (CVE-2023-23362)
An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability allows remote authenticated users to execute commands via susceptible QNAP devices. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build...