CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2024-27124 – QTS, QuTS hero, QuTScloud
https://notcve.org/view.php?id=CVE-2024-27124
Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.3.2578 compilación 20231110 y posteriores QTS 4.5.4.2627 compilación 20231225 y posteriores QuTS hero h5.1.3.2578 compilación 20231110 y posteriores QuTS hero h4.5.4.2626 compilación 20231225 y posteriores QuTScloud c5.1.5.2651 y posteriores This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-464 NAS devices. ... An attacker can leverage this vulnerability to execute code in the context of root. • https://www.qnap.com/en/security-advisory/qsa-24-09 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.9EPSS: 0%CPEs: -EXPL: 0CVE-2024-32764 – myQNAPcloud Link
https://notcve.org/view.php?id=CVE-2024-32764
Ya hemos solucionado la vulnerabilidad en la siguiente versión: myQNAPcloud Link 2.4.51 y posteriores This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP TS-464 NAS devices. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. • https://www.qnap.com/en/security-advisory/qsa-24-09 • CWE-306: Missing Authentication for Critical Function CWE-346: Origin Validation Error CWE-749: Exposed Dangerous Method or Function •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-32766 – QTS, QuTS hero, QuTScloud
https://notcve.org/view.php?id=CVE-2024-32766
Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.3.2578 compilación 20231110 y posteriores QTS 4.5.4.2627 compilación 20231225 y posteriores QuTS hero h5.1.3.2578 compilación 20231110 y posteriores QuTS hero h4.5.4.2626 compilación 20231225 y posteriores QuTScloud c5.1.5.2651 y posteriores This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP TS-464 NAS devices. ... An attacker can leverage this vulnerability to execute code in the context of admin. • https://www.qnap.com/en/security-advisory/qsa-24-09 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0740 – Eclipse Target Management <= 4.5.500 Command Injection
https://notcve.org/view.php?id=CVE-2024-0740
Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a remote code execution vulnerability that does not require authentication. The fixed version is included in Eclipse IDE 2024-03 Eclipse Target Management: Terminal and Remote System Explorer (RSE) versión <= 4.5.400 tiene una vulnerabilidad de ejecución remota de código que no requiere autenticación. • https://git.eclipse.org/r/c/tm/org.eclipse.tm/+/202145 https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/171 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6116 – Remote Code Execution without authentication using stack overflow
https://notcve.org/view.php?id=CVE-2023-6116
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the camera. An attacker could inject malicious into http request packets to execute arbitrary code. • https://www.hanwhavision.com/wp-content/uploads/2024/04/NVR-DVR-Vulnerability-Report-CVE-2023-6116.pdf • CWE-121: Stack-based Buffer Overflow •