6 matches found
CVE-2024-38645
CVE-2024-38645 affects QNAP Notes Station 3. The issue is a server-side request forgery (SSRF) that could allow remote authenticated attackers to read application data. Public details confirm the vulnerability exists in Notes Station 3 versions prior to 3.9.7 and that 3.9.7 and later versions inc...
CVE-2024-38643
CVE-2024-38643 affects QNAP Notes Station 3. The issue is a missing authentication for a critical function, allowing remote attackers to gain access to and execute certain functions. The vulnerability is documented with a high impact and network-based attack vector (CVSS 3.1/4.0 metrics indicate ...
CVE-2024-27126
CVE-2024-27126 affects QNAP Notes Station 3 with a cross‑site scripting (XSS) vulnerability. The issue could allow authenticated users to inject malicious code over the network. Affected versions are prior to 3.9.6; remediation is to upgrade to Notes Station 3 version 3.9.6 or later. The CVE entr...
CVE-2024-38646
The CVE-2024-38646 entry affects Notes Station 3. An incorrect permission assignment for a critical resource could allow local authenticated attackers with administrator access to read or modify the resource. Remediation: vulnerability fixed in Notes Station 3 version 3.9.7 and later. Impact deta...
CVE-2024-38644
Notes Station 3 is affected by an OS command injection vulnerability prior to version 3.9.7. The issue could allow remote authenticated attackers to execute commands on affected systems. A fix is available in Notes Station 3 version 3.9.7 and later (3.9.7+); versions before 3.9.7 should upgrade t...
CVE-2024-27122
CVE-2024-27122 affects QNAP Notes Station 3. The vulnerability is a cross-site scripting (XSS) flaw that could allow authenticated users to inject malicious code via the network. Affected versions: Notes Station 3 prior to 3.9.6. Mitigation: upgrade to Notes Station 3 version 3.9.6 or later, whic...