
CVE-2024-48863 – License Center
https://notcve.org/view.php?id=CVE-2024-48863
06 Dec 2024 — A command injection vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following version: License Center 1.9.43 and later. • https://www.qnap.com/en/security-advisory/qsa-24-50 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2024-50393 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2024-50393
06 Dec 2024 — A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later; QTS 5.2.2.2950 build 20241114 and later; QuTS hero h5.1.9.2954 build 20241120 and later; QuTS hero h5.2.2.2952 build 20241116 and later. • https://www.qnap.com/en/security-advisory/qsa-24-49 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2024-48868 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2024-48868
06 Dec 2024 — An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later; QTS 5.2.2.2950 build 20241114 and later; QuTS hero h5.1.9.2954 build 20241120 and later; QuTS hero h5.2.2.2952 build 20241116 and later. • https://www.qnap.com/en/security-advisory/qsa-24-49 • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')

CVE-2024-48867 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2024-48867
06 Dec 2024 — An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later; QTS 5.2.2.2950 build 20241114 and later; QuTS hero h5.1.9.2954 build 20241120 and later; QuTS hero h5.2.2.2952 build 20241116 and later. • https://www.qnap.com/en/security-advisory/qsa-24-49 • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')

CVE-2024-48865 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2024-48865
06 Dec 2024 — An improper certificate validation vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow attackers with local network access to compromise the security of the system. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later; QTS 5.2.2.2950 build 20241114 and later; QuTS hero h5.1.9.2954 build 20241120 and later; QuTS hero h5.2.2.2952 build 20241116 and later. • https://www.qnap.com/en/security-advisory/qsa-24-49 • CWE-295: Improper Certificate Validation

CVE-2024-48859 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2024-48859
06 Dec 2024 — An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later; QTS 5.2.2.2950 build 20241114 and later; QuTS hero h5.1.9.2954 build 20241120 and later; QuTS hero h5.2.2.2952 build 20241116 and later. • https://www.qnap.com/en/security-advisory/qsa-24-49 • CWE-287: Improper Authentication

CVE-2024-50389 – QuRouter
https://notcve.org/view.php?id=CVE-2024-50389
06 Dec 2024 — A SQL injection vulnerability has been reported to affect QuRouter. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already fixed the vulnerability in the following version: QuRouter 2.4.5.032 and later. • https://www.qnap.com/en/security-advisory/qsa-24-45 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-50387 – SMB Service
https://notcve.org/view.php?id=CVE-2024-50387
06 Dec 2024 — A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already fixed the vulnerability in the following version: SMB Service 4.15.002 and later; SMB Service h4.15.002 and later. • https://www.qnap.com/en/security-advisory/qsa-24-42 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-50388 – HBS 3 Hybrid Backup Sync
https://notcve.org/view.php?id=CVE-2024-50388
06 Dec 2024 — An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 25.1.1.673 and later. • https://www.qnap.com/en/security-advisory/qsa-24-41 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2024-53691 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2024-53691
06 Dec 2024 — A link following vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later; QTS 5.2.0.2802 build 20240620 and later; QuTS hero h5.1.8.2823 build 20240712 and later; QuTS hero h5.2.0.2802 build 20240620 and later. • https://packetstorm.news/files/id/188635 • CWE-59: Improper Link Resolution Before File Access ('Link Following')