27 matches found
Systeminformation vulnerable to Linux command injection in networkInterfaces() via unsanitized NetworkManager connection profile name
Summary On Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. This is not caused by a caller passing attacker-controlled arguments into networkInterfaces. The vulnerable value is...
CVE-2024-14026 QTS, QuTS hero
A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in th...
EUVD-2023-27473
Malicious code in bioql PyPI...
EUVD-2023-43032
Malicious code in bioql PyPI...
EUVD-2024-24374
Malicious code in bioql PyPI...
EUVD-2023-45799
Malicious code in bioql PyPI...
EUVD-2023-39013
Malicious code in bioql PyPI...
EUVD-2023-51678
Malicious code in bioql PyPI...
CVE-2023-41283
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596...
CVE-2023-23368
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later...
CVE-2023-39294
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578...
CVE-2023-45025
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later...
CVE-2023-47220
An OS command injection vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.5...
CVE-2023-47567
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645...
CVE-2024-32766
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later...
CVE-2024-21906
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823...
CVE-2023-47218 QTS, QuTS hero, QuTScloud
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later...
CVE-2023-47567
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645...
CVE-2023-47560 QuMagie
An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later...
QNAP Systems QuMagie Command Injection Vulnerability
QNAP Systems QuMagie is a QTS photo management application from QNAP Systems. A command injection vulnerability exists in QNAP Systems QuMagie prior to version 2.2.1, which stems from the presence of an operating system command injection vulnerability that could allow an authenticated user to...