CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38643 – Notes Station 3
https://notcve.org/view.php?id=CVE-2024-38643
22 Nov 2024 — A missing authentication for critical function vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote attackers to gain access to and execute certain functions. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later A missing authentication for critical function vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote attackers to gain access to and execute c... • https://www.qnap.com/en/security-advisory/qsa-24-36 • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.0EPSS: 1%CPEs: 1EXPL: 0CVE-2024-38644 – Notes Station 3
https://notcve.org/view.php?id=CVE-2024-38644
22 Nov 2024 — An OS command injection vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote authenticated attackers to execute commands. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later An OS command injection vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote authenticated attackers to execute commands. We have already fixed the vulnerability in the following... • https://www.qnap.com/en/security-advisory/qsa-24-36 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38645 – Notes Station 3
https://notcve.org/view.php?id=CVE-2024-38645
22 Nov 2024 — A server-side request forgery (SSRF) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote authenticated attackers to read application data. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later A server-side request forgery (SSRF) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote authenticated attackers to read application data. We have already fixe... • https://www.qnap.com/en/security-advisory/qsa-24-36 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38646 – Notes Station 3
https://notcve.org/view.php?id=CVE-2024-38646
22 Nov 2024 — An incorrect permission assignment for critical resource vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow local authenticated attackers who have gained administrator access to read or modify the resource. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later An incorrect permission assignment for critical resource vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could a... • https://www.qnap.com/en/security-advisory/qsa-24-36 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27126 – Notes Station 3
https://notcve.org/view.php?id=CVE-2024-27126
06 Sep 2024 — A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: Notes Station 3 3.9.6 and later A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vul... • https://www.qnap.com/en/security-advisory/qsa-24-21 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-27122 – Notes Station 3
https://notcve.org/view.php?id=CVE-2024-27122
06 Sep 2024 — A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: Notes Station 3 3.9.6 and later A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vul... • https://www.qnap.com/en/security-advisory/qsa-24-21 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •