CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 7CVE-2018-0706 – QNAP Qcenter Virtual Appliance - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-0706
Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information. Exposición de información privada en QNAP Q'center Virtual Appliance en versiones 1.7.1063 y anteriores podría permitir que usuarios autenticados accedan a información sensible. QNAP Qcenter Virtual Appliance versions 1.6.1056 (20170825) and 1.6.1075 (20171123) suffer from information disclosure and command injection vulnerabilities. • https://www.exploit-db.com/exploits/45015 https://www.exploit-db.com/exploits/45043 http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html http://seclists.org/fulldisclosure/2018/Jul/45 https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities https://www.qnap.com/zh-tw/security-advisory/nas-201807-10 https://www.securityfocus.com/archive/1/542141/100/0/threaded https://seclists.org/fulldiscl •
CVSS: 9.0EPSS: 11%CPEs: 1EXPL: 5CVE-2018-0709 – QNAP Qcenter Virtual Appliance - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-0709
Command injection vulnerability in date of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands. Vulnerabilidad de inyección de comandos en date en QNAP Q'center Virtual Appliance en versiones 1.7.1063 y anteriores podría permitir que usuarios autenticados ejecuten comandos arbitrarios. QNAP Qcenter Virtual Appliance versions 1.6.1056 (20170825) and 1.6.1075 (20171123) suffer from information disclosure and command injection vulnerabilities. • https://www.exploit-db.com/exploits/45015 http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html http://seclists.org/fulldisclosure/2018/Jul/45 https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities https://www.qnap.com/zh-tw/security-advisory/nas-201807-10 https://www.securityfocus.com/archive/1/542141/100/0/threaded • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •