CVE-2023-51365 – QTS, QuTS hero, QuTScloud
https://notcve.org/view.php?id=CVE-2023-51365
We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QTS 4.5.4.2627 build 20231225 and later; QuTS hero h5.1.3.2578 build 20231110 and later; QuTS hero h4.5.4.2626 build 20231225 and later; QuTScloud c5.1.5.2651 and later. This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP TS-464 NAS devices. • https://www.qnap.com/en/security-advisory/qsa-24-14 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-27124 – QTS, QuTS hero, QuTScloud
https://notcve.org/view.php?id=CVE-2024-27124
If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QTS 4.5.4.2627 build 20231225 and later; QuTS hero h5.1.3.2578 build 20231110 and later; QuTS hero h4.5.4.2626 build 20231225 and later; QuTScloud c5.1.5.2651 and later. An OS command injection vulnerability has been reported to affect several QNAP operating system versions. ... This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-464 NAS devices. ... The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. • https://www.qnap.com/en/security-advisory/qsa-24-09 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-32764 – myQNAPcloud Link
https://notcve.org/view.php?id=CVE-2024-32764
We have already fixed the vulnerability in the following version: myQNAPcloud Link 2.4.51 and later. This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP TS-464 NAS devices. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. • https://www.qnap.com/en/security-advisory/qsa-24-09 • CWE-306: Missing Authentication for Critical Function; CWE-346: Origin Validation Error; CWE-749: Exposed Dangerous Method or Function
CVE-2024-32766 – QTS, QuTS hero, QuTScloud
https://notcve.org/view.php?id=CVE-2024-32766
If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QTS 4.5.4.2627 build 20231225 and later; QuTS hero h5.1.3.2578 build 20231110 and later; QuTS hero h4.5.4.2626 build 20231225 and later; QuTScloud c5.1.5.2651 and later. An OS command injection vulnerability has been reported to affect several QNAP operating system versions. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP TS-464 NAS devices. ... The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of admin. • https://www.qnap.com/en/security-advisory/qsa-24-09 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection'); CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-0740 – Eclipse Target Management <= 4.5.500 Command Injection
https://notcve.org/view.php?id=CVE-2024-0740
Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a remote code execution vulnerability that does not require authentication. The fixed version is included in Eclipse IDE 2024-03. • https://git.eclipse.org/r/c/tm/org.eclipse.tm/+/202145 https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/171 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')