CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-21901 – myQNAPcloud
https://notcve.org/view.php?id=CVE-2024-21901
A SQL injection vulnerability has been reported to affect myQNAPcloud. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: myQNAPcloud 1.0.52 ( 2023/11/24 ) and later QTS 4.5.4.2627 build 20231225 and later Se ha informado que una vulnerabilidad de inyección SQL afecta a myQNAPcloud. Si se explota, la vulnerabilidad podría permitir a los administradores autenticados inyectar código malicioso a través de una red. El fabricante ha solucionado la vulnerabilidad en las siguientes versiones: myQNAPcloud 1.0.52 (2023/11/24) y posteriores QTS 4.5.4.2627 compilación 20231225 y posteriores This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP TS-464 NAS devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the authLogin endpoint. • https://www.qnap.com/en/security-advisory/qsa-24-09 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 27%CPEs: 1EXPL: 1CVE-2019-7181 – QNAP myQNAPcloud Connect 1.3.4.0317 - 'Username/Password' Denial of Service
https://notcve.org/view.php?id=CVE-2019-7181
Buffer Overflow vulnerability in myQNAPcloud Connect 1.3.3.0925 and earlier could allow remote attackers to crash the program. Una vulnerabilidad de desbordamiento de búfer en myQNAPcloud Connect versión 1.3.3.0925 y anteriores, podría permitir que los atacantes remotos bloqueen el programa. QNAP myQNAPcloud Connect version 1.3.4.0317 suffers from a username / password denial of service vulnerability. • https://www.exploit-db.com/exploits/46733 http://packetstormsecurity.com/files/152570/QNAP-myQNAPcloud-Connect-1.3.4.0317-Username-Password-Denial-Of-Service.html https://www.qnap.com/zh-tw/security-advisory/nas-201905-09 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •