
CVE-2024-38643 – Notes Station 3
https://notcve.org/view.php?id=CVE-2024-38643
22 Nov 2024 — A missing authentication for critical function vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote attackers to gain access to and execute certain functions. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later. • https://www.qnap.com/en/security-advisory/qsa-24-36 • CWE-306: Missing Authentication for Critical Function

CVE-2024-38644 – Notes Station 3
https://notcve.org/view.php?id=CVE-2024-38644
22 Nov 2024 — An OS command injection vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote authenticated attackers to execute commands. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later. • https://www.qnap.com/en/security-advisory/qsa-24-36 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2024-38645 – Notes Station 3
https://notcve.org/view.php?id=CVE-2024-38645
22 Nov 2024 — A server-side request forgery (SSRF) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote authenticated attackers to read application data. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later. • https://www.qnap.com/en/security-advisory/qsa-24-36 • CWE-918: Server-Side Request Forgery (SSRF)

CVE-2024-38646 – Notes Station 3
https://notcve.org/view.php?id=CVE-2024-38646
22 Nov 2024 — An incorrect permission assignment for critical resource vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow local authenticated attackers who have gained administrator access to read or modify the resource. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later. • https://www.qnap.com/en/security-advisory/qsa-24-36 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVE-2024-38647 – QNAP AI Core
https://notcve.org/view.php?id=CVE-2024-38647
22 Nov 2024 — An exposure of sensitive information vulnerability has been reported to affect QNAP AI Core. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following version: QNAP AI Core 3.4.1 and later. • https://www.qnap.com/en/security-advisory/qsa-24-40 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-540: Inclusion of Sensitive Information in Source Code

CVE-2024-48860 – QHora
https://notcve.org/view.php?id=CVE-2024-48860
22 Nov 2024 — An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.3.103 and later. • https://www.qnap.com/en/security-advisory/qsa-24-44 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2024-48862 – QuLog Center
https://notcve.org/view.php?id=CVE-2024-48862
22 Nov 2024 — A link following vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. We have already fixed the vulnerability in the following versions: QuLog Center 1.7.0.831 (2024/10/15) and later; QuLog Center 1.8.0.888 (2024/10/15) and later. • https://www.qnap.com/en/security-advisory/qsa-24-46 • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVE-2024-50395 – Media Streaming add-on
https://notcve.org/view.php?id=CVE-2024-50395
22 Nov 2024 — An authorization bypass through user-controlled key vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow local network attackers to gain privilege. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.6 (2024/08/02) and later. • https://github.com/neko-hat/CVE-2024-50395 • CWE-639: Authorization Bypass Through User-Controlled Key

CVE-2024-38640 – Download Station
https://notcve.org/view.php?id=CVE-2024-38640
06 Sep 2024 — A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Download Station 5.8.6.283 (2024/06/21) and later. • https://www.qnap.com/en/security-advisory/qsa-24-35 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-38642 – QuMagie
https://notcve.org/view.php?id=CVE-2024-38642
06 Sep 2024 — An improper certificate validation vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow local network users to compromise the security of the system via unspecified vectors. We have already fixed the vulnerability in the following version: QuMagie 2.3.1 and later. • https://www.qnap.com/en/security-advisory/qsa-24-34 • CWE-295: Improper Certificate Validation