405 matches found
CVE-2024-50405
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data. We have already fixed the...
CVE-2024-53696
A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read application data. We have already fixed the vulnerability in the following versions: QuLog Center...
CVE-2024-53696 QuLog Center
A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read application data. We have already fixed the vulnerability in the following versions: QuLog Center...
CVE-2024-53696
CVE-2024-53696 is an SSRF vulnerability affecting QNAP products, specifically QuLog Center (readable data by admins), with fixes in QuLog Center 1.7.0.829+ and 1.8.0.888+, QTS 4.5.4.2957+ (build 20241119+), and QuTS hero h4.5.4.2956+ (build 20241119+). The issue originates from server-side reques...
CVE-2024-50405
CVE-2024-50405 affects QNAP QTS and QuTS hero with CRLF Injection due to improper neutralization of CRLF sequences. Affected products and versions: QTS 5.2.3.3006 build 20250108 and later; QuTS hero h5.2.3.3006 build 20250108 and later. Root cause is improper CRLF sequence handling, enabling a re...
CVE-2024-50405 QTS, QuTS hero
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data. We have already fixed the...
A vulnerability in Cisco ThousandEyes Endpoint Agent, a software tool for collecting network and application performance data, is related to errors in the certificate validation process and allows attackers to escalate their privileges.
The vulnerability in Cisco ThousandEyes Endpoint Agent, a software tool for collecting network and application performance data, is related to errors in the certificate validation process. Exploiting this vulnerability can allow an attacker to escalate their privileges remotely...
CVE-2023-23354
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data. We have already fixed the vulnerability in...
CVE-2023-23354 QuLog Center
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data. We have already fixed the vulnerability in...
CVE-2023-23357 QuLog Center
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to bypass security mechanisms or read application data. We have already fixed the...
CVE-2023-23357
CVE-2023-23357 affects QNAP’s QuLog Center (various versions) with a cross-site scripting (XSS) flaw. The vulnerability arises in QuLog Center prior to fixed versions and could let an attacker with administrator access bypass security controls or read application data. Affected/fixed details per ...
CVE-2024-48867
CVE-2024-48867 concerns CRLF injection in QNAP QTS and QuTS hero. Affected products/versions include QTS 5.1.9.2954 (build 20241120) and later, QTS 5.2.2.2950 (build 20241114) and later, QuTS hero h5.1.9.2954 (build 20241120) and later, and QuTS hero h5.2.2.2952 (build 20241116) and later. The CW...
CVE-2024-48867 QTS, QuTS hero
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following version...
PT-2024-38930 · Siempelkamp · Umweltoffice
Name of the Vulnerable Software and Affected Versions: Web Application (affected versions not specified). Description: A low-privileged remote attacker can insert a SQL injection in the web application due to improper handling of HTTP request input data, which allows the exfiltration of all data. Th...
CVE-2024-38645
A server-side request forgery (SSRF) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote authenticated attackers to read application data. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later...
CVE-2024-38645 Notes Station 3
A server-side request forgery (SSRF) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote authenticated attackers to read application data. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later...
CVE-2023-20039
A vulnerability in Cisco IND could allow an authenticated, local attacker to read application data. This vulnerability is due to insufficient default file permissions that are applied to the application data directory. An attacker could exploit this vulnerability by accessing files in the...